flight-ticket-search

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The helper script scripts/flight_ticket_search.py uses os.execve() to replace the running process, restarting the script inside a virtual environment that it creates dynamically in the user's cache directory.
  • [COMMAND_EXECUTION]: The script invokes subprocess.check_call() to run shell commands that create the virtual environment and upgrade pip. This execution is part of the skill's automated setup process.
  • [REMOTE_CODE_EXECUTION]: The skill automatically downloads and installs the fast-flights==2.2 package from the Python Package Index (PyPI) at runtime. Although PyPI is a standard registry, this creates a dependency on external code that is fetched and executed while the skill runs.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted flight data scraped from Google Flights, which could in principle contain malicious instructions embedded in airline names or other descriptive fields.
  • Ingestion points: Flight metadata (airline names, flight times, and price text) is ingested through the fast-flights library in scripts/flight_ticket_search.py.
  • Boundary markers: The script does not wrap the flight data in boundary markers or instruct the agent to ignore commands embedded in it.
  • Capability inventory: The skill uses subprocess for environment setup and performs network operations through the scraping library; beyond that, its runtime behavior is limited to data retrieval and formatting.
  • Sanitization: The script validates IATA codes and dates with regular expressions, but the textual content of the flight search results is passed to the agent without any specific sanitization.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 13, 2026, 08:30 AM