Ctg Travel Booking

The agent could create, cancel, or refund travel orders based on interpreted intent and collected fields, which may affect reservations, money, or travel plans.

The skill authorizes booking and refund workflows and tells the agent to send requests once required parameters are collected, but the provided instructions do not clearly require a final confirmation immediately before high-impact actions.

Anyone who can read or misuse the configured API key may be able to perform travel-account actions through the provider API.

The skill needs a travel-service API key to access account-backed booking functions. This is expected for the integration, but it is sensitive delegated authority.

Passenger names, ID numbers, and phone numbers may be stored or reused in future booking operations.

The skill can save passenger identity and contact details and later retrieve passenger lists for booking flows. This is purpose-aligned, but it persists sensitive personal data in the travel service context.

Using an expired skill may mean outdated workflows or missing fixes; following the replacement link changes the reviewed artifact set.

The artifact clearly says this version is expired and points users to another package/version. It does not auto-download anything, but users should verify the newer package before installing.