Domestic Flight Search

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its flight-search purpose, but its optional local HTTP server exposes an under-disclosed parameter that can read caller-chosen local JSON files.

Use the CLI search mode or keep HTTP mode bound to localhost only. Do not expose the local server to other machines, and avoid using the sample_response query parameter unless the publisher restricts it to bundled fixtures or removes it from the HTTP API.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The HTTP /search endpoint accepts a user-controlled sample_response parameter and passes it directly to open() in run_search(), allowing any local file readable by the service account to be loaded. In the context of a flight lookup skill, arbitrary local file access is unrelated to core functionality and can expose secrets, configuration files, API keys, or other sensitive local data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal