google-flights
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes agent-browser commands via Bash to automate flight searches. It interpolates user-provided variables like {ORIGIN} and {DEST} directly into shell command strings, which creates a surface for potential command injection if input is not validated by the agent.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the agent-browser package from the npm registry as a prerequisite for its browser automation functionality.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its interaction with external web content.
  - Ingestion points: Flight descriptions and booking data are retrieved from Google Flights via the agent-browser snapshot command in SKILL.md.
  - Boundary markers: The skill lacks explicit delimiters or instructions to the agent to ignore potentially malicious instructions embedded in the external flight data.
  - Capability inventory: The skill uses the Bash tool to execute browser automation and process results.
  - Sanitization: No content sanitization or input validation is specified before the agent processes the retrieved data.
Audit Metadata