Back to skill

Security audit

Tmp.POztSw876T

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Zola account integration, but it asks users to provide a long-lived account token and may activate for broad wedding-planning requests without clear enough scoping.

Review this carefully before installing. Only use it if you are comfortable giving the agent durable access to your Zola account data, and prefer not to paste or store a refresh token unless you understand how to revoke or rotate it. Treat the token like a password and confirm any account-changing actions before they run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger text is broad enough to match many general wedding-planning requests that do not clearly indicate Zola-specific user intent. That can cause the agent to invoke a high-privilege integration unnecessarily, increasing the chance of accessing or acting on sensitive guest, budget, registry, and vendor data when the user only wanted generic advice.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill instructs users to extract and supply a long-lived refresh token / cookie-derived JWT that grants durable account access, but it does not prominently warn that this credential is highly sensitive and can expose private wedding data and enable account modifications. Because the token lasts about a year and the skill supports many read/write actions, leakage or careless handling could lead to prolonged unauthorized access to guest lists, addresses, budgets, vendor conversations, events, and registry data.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.