compare-hotels
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests and processes data from external platforms including Airbnb, Google Hotels (via SerpAPI), and travel portals (Chase/Amex). While it lacks explicit boundary markers for this external content, the risk is inherent to its primary function and the sources are well-known services.
- Ingestion points: External search results from SerpAPI, Trivago, LiteAPI, TripAdvisor, and Airbnb are consolidated into a unified comparison as described in Step 1.
- Boundary markers: No specific delimiters or 'ignore embedded instructions' markers are defined for the aggregated data.
- Capability inventory: The skill coordinates the execution of other tools that interact with the network and local property databases, but does not execute arbitrary code itself.
- Sanitization: No explicit sanitization or validation logic for external strings is described in the workflow.
- [SAFE]: The skill correctly manages dependencies by referencing separate specialized skills for travel portals and data lookup. It identifies required environments such as Docker for specific sub-skills.
Audit Metadata