Travel Manager

Security checks across malware telemetry and agentic risk

Overview

This is a simple markdown-only travel planning helper with no executable code, hidden access, persistence, or credential handling.

Reasonable to install as a planning aid. Treat its document and visa notes as generic guidance, verify current requirements with official sources before travel, and avoid sharing passport, health, payment, or account details unless you are intentionally using a separate trusted booking or document workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The manifest description says to use the skill whenever 'needing to plan international trips, manage multi-destination itineraries, handle family travel logistics, optimize travel costs, and coordinate complex travel arrangements.' This is broad natural-language activation guidance without clear constraints or exclusion conditions, increasing the chance of unintended invocation for general travel questions.

Vague Triggers

Low

Confidence: 82% confidence
Finding: The usage examples provide example requests but do not define a bounded trigger set or clarify when similar everyday travel-planning requests should not activate the skill. For markdown/manifest content, this can leave invocation behavior ambiguous.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal