ticket-availability

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script fetches performance and seat data from official ticketing endpoints.
      • Evidence: https://ticket.yes24.com/New/Perf/Sale/Ajax/axPerfDay.aspx and https://api-ticketfront.interpark.com/v1/goods/{id}/playSeq.
      • These are public, unauthenticated endpoints used for data retrieval only.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from external ticketing websites.
      • Ingestion points: Performance schedules and seat availability counts are fetched from YES24 and Interpark via httpx in scripts/ticket_availability.py.
      • Boundary markers: The script converts the retrieved data into a structured JSON format before passing it to the agent, which acts as a data boundary.
      • Capability inventory: The script is limited to HTTP network operations and string/regex parsing. It does not have file-system access, subprocess execution, or dynamic code evaluation capabilities.
      • Sanitization: The script uses specific regular expressions to extract only numerical seat counts and labels, effectively filtering out any potential malicious payload embedded in the source HTML or JSON.
  • [SAFE]: The skill explicitly avoids restricted activities such as automated purchasing or session handling, complying with relevant local regulations mentioned in the documentation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 04:06 PM