ev-charger
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local shell script (
scripts/ev-charger.sh) to wrap API interactions. The script employsjqto sanitize and URL-encode user-provided input before using it in network requests, which effectively prevents shell command injection. - [EXTERNAL_DOWNLOADS]: The skill performs network operations to
api.getcamino.aifor fetching charging station data and obtaining trial credentials. These requests are transparently documented and limited to the service's functional requirements. - [DATA_EXFILTRATION]: While the skill transmits location data (coordinates and search queries) and an API key to an external server, this behavior is the primary intended function of the skill and is directed to the vendor's infrastructure (
getcamino.ai).
Audit Metadata