Skills
skills/unfallenwill/tripbot/trip-plan/Gen Agent Trust Hub

trip-plan

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill utilizes the WebFetch tool to ingest content from travel blogs and the WebSearch tool for travel research. This represents an ingestion point for untrusted external data that could potentially contain malicious instructions.
  • Ingestion points: WebFetch is used to gather information from external travel blogs in Phase 1B.
  • Boundary markers: The instructions do not explicitly specify the use of delimiters or 'ignore' warnings for the fetched content.
  • Capability inventory: The skill has Write and Edit permissions, primarily used to generate and save a Markdown itinerary file (tripbot-{destination}-{YYYY-MM-DD}.md).
  • Sanitization: No explicit sanitization or validation of the fetched web content is mentioned before it is processed or included in the final export.
  • [COMMAND_EXECUTION]: The skill uses the Write tool to export the final itinerary to a file. The filename is dynamically generated based on the destination and date, but the scope is limited to the current directory and the content is restricted to the trip data collected during the conversation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 03:35 AM