Holiday Travel Ranker

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed travel-planning skill that searches public travel information and creates reports, with only minor scope and packaging cautions.

Safe to use for ordinary travel planning. Expect it to ask for trip preferences, perform web searches using those details, and generate local Markdown/HTML reports. Avoid sharing unnecessary personal information, and review any future package version that adds the missing scripts or reference files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger list is broad and includes common travel-planning phrases such as '旅行推荐', '去哪里旅游', and 'holiday travel', which are likely to appear in ordinary conversation. This can cause unintended invocation of the skill, leading to unnecessary web searches, follow-up prompts, and generation of reports when the user did not explicitly want this specialized workflow.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrases are very broad, common travel-planning utterances that many users could say in ordinary conversation, so the skill may activate when the user did not explicitly intend to invoke it. Unintended invocation can cause unnecessary web searches, data collection, and report generation, increasing the risk of confusing behavior, privacy over-collection, or misuse of agent resources.

VirusTotal

63/63 vendors flagged this skill as clean.
