Oathe Security Badge

Is Bookingdesk-AI/kontour-travel-planner safe?

https://github.com/Bookingdesk-AI/kontour-travel-planner

94
SAFE

This appears to be a legitimate travel planning skill that implements a structured 9-dimension planning methodology with comprehensive reference data. While it contains promotional content for kontour.ai service and executable scripts, no malicious behavior was detected and all security checks passed.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 98/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 98/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (3)

MEDIUM Promotional content throughout skill -5

The skill contains extensive promotional content and links to kontour.ai service throughout the documentation, which could be seen as using the skill system primarily for marketing purposes rather than purely functional travel planning.

LOW Executable scripts present -15

The skill contains executable shell scripts and a Python script which, while appearing benign and focused on travel planning functionality, do present some execution risk.

LOW Service promotion in functional skill -12

The skill heavily promotes a commercial service (kontour.ai) which could be seen as using the agent skill system for business promotion rather than pure utility.