Railway 12306
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill's behavior is clearly aligned with its stated purpose of querying 12306 train tickets. The `SKILL.md` provides clear instructions for the AI agent without any prompt injection attempts for malicious purposes. The core script `scripts/query_tickets.js` makes HTTPS requests to the official 12306 website (`kyfw.12306.cn`), and input parameters are validated against a hardcoded list of station codes, mitigating potential injection risks. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The `scripts/query_tickets_demo.js` is explicitly a demo using mock data, and `package.json` confirms no external dependencies.
