camino-places

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a shell script (scripts/places.sh) to execute curl and jq commands for API communication and data processing.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to api.getcamino.ai to fetch location results and images.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8).
  • Ingestion points: Data is received from the external API endpoint api.getcamino.ai/search in scripts/places.sh.
  • Boundary markers: No specific boundary markers or instructions are provided to the agent to distinguish the API's content from system instructions.
  • Capability inventory: The skill has access to curl and jq via the provided shell script.
  • Sanitization: The results from the API are passed to the agent without validation or sanitization, potentially allowing embedded instructions in the location data to influence the agent's behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 11:16 AM
Security Audit — agent-trust-hub — camino-places