camino-places
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a shell script (
scripts/places.sh) to executecurlandjqcommands for API communication and data processing. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to
api.getcamino.aito fetch location results and images. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8).
- Ingestion points: Data is received from the external API endpoint
api.getcamino.ai/searchinscripts/places.sh. - Boundary markers: No specific boundary markers or instructions are provided to the agent to distinguish the API's content from system instructions.
- Capability inventory: The skill has access to
curlandjqvia the provided shell script. - Sanitization: The results from the API are passed to the agent without validation or sanitization, potentially allowing embedded instructions in the location data to influence the agent's behavior.
Audit Metadata