Back to skill

Security audit

Search and Book Flights

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed flight-booking helper whose sensitive email, traveler-data, calendar, and payment-related actions are tied to the travel-booking purpose and require human approval.

Before installing, understand that this skill depends on an agent having email access and may involve travel profile details, payment setup, and optional calendar sync. Use it only if you are comfortable with BonBook handling booking data, and personally approve account creation, traveler information entry, calendar connection, flight purchase, change fees, cancellations, and any payment step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.