seat-advisor
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Categories: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The script scripts/fetch_seatmap.ts includes a hardcoded session cookie (COOKIE) used to authenticate requests to the seatmaps.com service. The skill documentation explicitly mentions this and provides instructions for the user to update it manually if it expires.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to api.seatmaps.com and seatmaps.com to retrieve flight schedules and seat map configurations. These operations are necessary for the skill's functionality and target well-known domains.
- [COMMAND_EXECUTION]: The skill executes the local TypeScript script scripts/fetch_seatmap.ts using the bun runtime to process aircraft data and generate seating recommendations.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes data scraped from an external website (Ingestion point: scripts/fetch_seatmap.ts). While there are no explicit boundary markers or sanitization routines for the ingested HTML attributes, the capability inventory is restricted to data display and recommendation logic, representing a low risk profile.
Audit Metadata