trip-planner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill is an orchestration layer that invokes compare-flights/compare-hotels, which “internally runs their own parallel sub-searches” including public web/scraping sources like SerpAPI/Trivago/LiteAPI/Airbnb and arbitrary listings; those runtime-fetched outsider-authored page/listing text can be ingested into the agent’s LLM context via the sub-search results.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)