warn
suspicious.prompt_injection_instructions
- Location
- SKILL.md:18
- Finding
- Prompt-injection style instruction pattern detected.
Travel Planner Pro
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.prompt_injection_instructions
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI05: Unexpected Code ExecutionWhat this means
Running setup will create and modify local files and permissions in the workspace.
Why it was flagged
The setup guide asks the agent/user to run local shell commands and later copy a helper script into the workspace. This is expected setup behavior, not hidden execution, but it is still code execution in the user's environment.
Skill content
Run these commands to create all necessary directories and set permissions: `mkdir -p travel/trips` ... `chmod 700 travel travel/trips`
Recommendation
Review the setup commands and helper script before running them, especially because this package is listed with an unknown source and no homepage.
NoteHigh Confidence
ASI06: Memory and Context PoisoningWhat this means
Anyone with access to the workspace may learn sensitive travel habits, dates, companions, and document-related details.
Why it was flagged
The skill intentionally stores a persistent travel profile containing personal preferences, companions, loyalty details, and passport expiry information, then reuses it for future planning.
Skill content
Profiles live in `travel/travel-profile.json`... `passport_valid_through`, `companions`, `loyalty_programs`, `learned_preferences`
Recommendation
Do not store raw passport numbers, payment card numbers, or booking credentials; periodically review or delete the travel profile if it is no longer needed.
NoteHigh Confidence
ASI07: Insecure Inter-Agent CommunicationWhat this means
Search and weather providers may receive parts of the trip context needed for research.
Why it was flagged
The skill sends destination research and weather queries to external tools/providers. This is expected for travel planning, but travel dates, destinations, coordinates, and related query terms may leave the local workspace.
Skill content
Use `web_search` to gather... Typical daily costs... Current visa requirements... Use `web_search` or `web_fetch` to query Open-Meteo
Recommendation
Avoid including passport numbers, booking confirmation numbers, or other unnecessary sensitive details in search requests.
NoteMedium Confidence
ASI09: Human-Agent Trust ExploitationWhat this means
A user might share more sensitive travel information than necessary if they rely solely on the marketing language.
Why it was flagged
These are strong privacy and audit claims. Other artifacts do disclose web search, Open-Meteo calls, and optional dashboard/database concepts, so the claims should be treated as assurances to verify rather than guarantees.
Skill content
100% private... Codex Security Verified... Zero data exfiltration. Your travel plans, passport info, and budget stay on YOUR device.
Recommendation
Treat the privacy claims cautiously; only provide the data required for the task and review any optional dashboard/cloud setup separately.