Skills
skills/borski/travel-hacking-toolkit/wikipedia-airports/Gen Agent Trust Hub

wikipedia-airports

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches airport data and airline service patterns from Wikipedia's API and official website, as well as route verification data from Southwest Airlines' public website using curl.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external, untrusted content from Wikipedia.
  • Ingestion points: External data is ingested via curl requests to the Wikipedia API and HTML pages in the SKILL.md workflow steps.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when the agent processes the retrieved text.
  • Capability inventory: The skill uses curl, jq, and rg (ripgrep) to fetch and filter data.
  • Sanitization: There is no evidence of sanitization, escaping, or filtering of the fetched external content to prevent instructions within the text from influencing the agent's behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 12:10 PM
Security Audit — agent-trust-hub — wikipedia-airports