Tuniu Travel CLI Skill

Pass

Audited by VirusTotal on Apr 3, 2026.

Findings (1)

The skill functions as a Tuniu travel assistant that executes commands via `tuniu-cli` using shell execution, which is a high-risk capability. It handles sensitive personally identifiable information (PII), such as passenger names and ID numbers, and includes a 'dynamic discovery' feature that fetches remote service definitions from `https://openapi.tuniu.cn`. These capabilities are aligned with the stated travel-booking purpose. However, the instruction to pass JSON arguments within single quotes in a shell command (`tuniu call ... -a '<JSON>'`) without explicit sanitization guidance creates a significant shell injection surface. This fits the criteria for a suspicious classification due to inherent architectural vulnerabilities.