intercity-bus-booking

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to the official Tmoney intercity bus website (intercitybus.tmoney.co.kr) to retrieve timetable data and seat status. This is a well-known service for Korean travel.
  • [COMMAND_EXECUTION]: The skill executes a local Python helper script (scripts/intercity_bus_search.py) to manage the HTTP session and parse HTML responses.
      • The script uses ssl._create_unverified_context() to disable SSL certificate verification. While the author notes this is for resilience with the specific host, it violates security best practice and increases exposure to Man-in-the-Middle (MitM) attacks.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) due to its dependency on external web content.
      • Ingestion points: The Python script fetches and parses raw HTML schedules from the external Tmoney domain.
      • Boundary markers: The instructions do not define clear boundaries or provide "ignore embedded instructions" warnings for the agent when it handles the parsed bus data.
      • Capability inventory: The skill has the capability to execute scripts and perform network operations via the terminal.
      • Sanitization: The script uses regular expressions to strip HTML tags, but it does not perform semantic validation or escaping of the content before presenting it to the agent, which could allow instructions hidden in the data to influence agent behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 08:31 AM