Security audit

Trip Guide PDF Car Sleep

Security checks across malware telemetry and agentic risk

Overview

This is a coherent travel-planning skill that guides an agent to research car-sleep trip logistics and produce HTML/PDF guide files without requesting sensitive access or persistence.

Before installing, expect the agent to browse travel, map, and review sources and to create local screenshots plus HTML/PDF guide files. Confirm desired filenames and locations when revising guides so prior versions are not accidentally replaced.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 83% confidence
Finding: This is a markdown file, so missing-warning review applies to described behaviors that may affect user data or system integrity. Line L008 instructs the agent to build HTML first and export PDF later, but the skill text does not warn the user that local files will be created and potentially replaced during revisions/versioning.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal