Dataify Bing Maps

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Bing Maps/Dataify API helper that requires user confirmation before sending map queries to the external service.

Before installing, understand that confirmed map searches, coordinates, place IDs, and your Dataify token are sent to Dataify's API. Review the displayed parameter table before confirming, especially for sensitive home, work, or travel locations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger condition is broad enough to fire on ordinary Bing Maps usage without a clear boundary for when the skill should activate. Overbroad invocation increases the chance that routine location searches, coordinates, or place identifiers are sent to the external service unintentionally, expanding privacy exposure and surprise execution. Because this skill performs live network calls, accidental triggering has real security and data-handling consequences.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal