wheretocredit
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions and reference data for calculating flight mileage earnings. It does not contain executable code, scripts, or configuration that poses a security risk.
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch data from wheretocredit.com, a well-known travel industry resource. This activity is consistent with the skill's stated purpose and uses public URLs.
- [DATA_EXPOSURE]: No hardcoded credentials or sensitive file paths were found. The skill only processes flight-related metadata provided by the user (airline, booking class, distance).
- [PROMPT_INJECTION]: The instructions do not contain patterns intended to bypass AI safety guardrails or override system instructions.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests data from external URLs (wheretocredit.com), it lacks exploitable capabilities such as file system writes or shell execution. Mandatory Evidence: 1. Ingestion points: wheretocredit.com fetched via webfetch (SKILL.md); 2. Boundary markers: Absent; 3. Capability inventory: None detected; 4. Sanitization: Absent.
Audit Metadata