swiggy-dineout-booking
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a workflow for the agent to use the
swiggyCLI tool for searching restaurants, viewing details, and managing table bookings. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to process user-supplied data such as restaurant names, IDs, and reservation dates, which are interpolated into CLI command arguments. This presents a potential surface for indirect prompt injection or command injection. (1) Ingestion points: User-provided search queries, restaurant IDs, and reservation dates in
SKILL.md. (2) Boundary markers: Search queries are wrapped in double quotes in example commands. (3) Capability inventory: Subprocess execution of theswiggyCLI tool. (4) Sanitization: No explicit sanitization or input validation logic is described in the skill.
Audit Metadata