camino-school-finder

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/school-finder.sh is vulnerable to command argument injection. While the query parameter is URI-encoded using jq, other parameters such as lat, lon, radius, and limit are appended directly to the curl command string after being extracted from JSON. Because these variables are expanded inside double quotes in the curl call, a maliciously crafted JSON input containing double quotes (e.g., {"limit": "20\" -o /tmp/malicious"}) could break out of the URL string and inject additional arguments into curl, potentially allowing for arbitrary file writes.
  • [EXTERNAL_DOWNLOADS]: The skill performs GET requests to api.getcamino.ai to fetch location data. This is the official API for the Camino AI suite as documented.
  • [DATA_EXFILTRATION]: The identified argument injection vulnerability in the curl command could be leveraged to exfiltrate sensitive information by redirecting the output of the request or by injecting additional headers and parameters that point to an external server.
  • [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it processes location-based queries and coordinates which may originate from untrusted user input or external data sources.
  • Ingestion points: User-provided search queries and location parameters processed by scripts/school-finder.sh.
  • Boundary markers: None observed in the prompt or script to delimit untrusted data.
  • Capability inventory: The skill has the ability to execute shell commands via curl and jq.
  • Sanitization: Only the query parameter is URI-encoded; numeric and other string parameters lack sufficient validation or encoding.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 15, 2026, 11:16 AM
Security Audit — agent-trust-hub — camino-school-finder