Skills
skills/better-world-ai/x-cli/travel-planning/Gen Agent Trust Hub

travel-planning

Fail

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the xiaohongshu-cli tool from an external third-party Homebrew tap xpzouying/agent-cli.
  • [EXTERNAL_DOWNLOADS]: The skill directs cloning of source code for ctrip-cli and booking-cli from a GitHub repository (https://github.com/better-world-ai/x-cli).
  • [REMOTE_CODE_EXECUTION]: The instructions involve compiling downloaded source code using go build and executing the resulting binaries on the local system.
  • [COMMAND_EXECUTION]: Multiple shell commands are orchestrated to invoke CLI tools (ctrip-cli, booking-cli, xiaohongshu-cli), passing parameters potentially influenced by external data.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by ingesting untrusted data from external travel platforms.
  • Ingestion points: Data retrieved via xiaohongshu-cli search (user travel notes) and ctrip-cli destination (travel tips/notes) is processed in the agent context (SKILL.md).
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the processed data.
  • Capability inventory: The environment allows shell execution of downloaded binaries.
  • Sanitization: There is no evidence of sanitization or validation of the external platform data before it is consumed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 26, 2026, 07:38 AM
Security Audit — agent-trust-hub — travel-planning