express-bus-booking
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts exclusively with the official Korean Express Bus (KOBUS) domain (kobus.co.kr) to retrieve timetables and terminal information.
- [SAFE]: Security best practice violation: The included Python script
scripts/kobus_express_booking.pyexplicitly disables SSL certificate verification usingssl._create_unverified_context()and lowers cipher security levels. While this reduces protection against man-in-the-middle (MITM) attacks, it appears to be a deliberate compatibility measure for the target server rather than a malicious implementation. - [SAFE]: The skill follows secure handoff practices by generating a local HTML auto-submit form (
kobus-payment-autosubmit.html) for the final checkout step. This ensures that the agent never handles or observes the user's credit card information, as final entry occurs on the official vendor site. - [SAFE]: Temporary seat holds and cancellations are managed via official AJAX endpoints, and the skill includes instructions for proper cleanup of abandoned holds.
Audit Metadata