Back to skill

Security audit

Explore Europe

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Europe travel-planning skill, but it needs review because it can install a global travel CLI and persist raw travel queries without clear user consent.

Install only if you are comfortable using FlyAI/Fliggy for travel searches, and approve any global npm installation yourself rather than letting it happen silently. Avoid entering passport numbers, payment details, or sensitive identity information unless you understand where the CLI sends data. Check for and delete `.flyai-execution-log.json` if you do not want raw travel queries retained locally, and verify visa information with official embassy, consulate, or immigration sources before travel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The fallback explicitly instructs the agent to provide visa guidance from generic domain knowledge when live data is unavailable. Visa rules are time-sensitive, nationality-dependent, and legally consequential, so unsupported fallback answers can easily become inaccurate and mislead users into noncompliance, denied boarding, or border-entry problems. In this travel-booking context, the risk is elevated because users are likely to rely on the skill for operational travel decisions.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The runbook explicitly records the raw user query and detailed CLI commands for every invocation, creating a broader telemetry trail than is necessary for a travel-planning skill. Because travel requests commonly contain personal data such as names, dates, locations, passport or visa details, and booking preferences, this logging increases privacy exposure and creates a reusable sensitive audit trail if logs are accessed or retained insecurely.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation criteria are broad enough to trigger on generic mentions like 'Paris' or 'London', which can cause the skill to take over unrelated conversations and push users into the CLI-driven workflow unexpectedly. In this skill, that matters because activation can lead directly to command execution and even package installation, increasing the chance of unintended system actions from ordinary travel-related prompts.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to install a global npm package and execute a CLI as a mandatory prerequisite, without user consent, trust verification, or sandboxing guidance. This is dangerous because it authorizes persistent system modification and arbitrary external code execution in response to a travel query, greatly expanding the attack surface if the package is compromised or the environment is sensitive.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase "Europe trip" is very broad and likely to match many ordinary user travel queries, causing this playbook to activate without clear user intent. In a skill that can drive flight, hotel, and ticket booking flows, ambiguous activation increases the risk of unintended tool use, parameter mapping mistakes, or steering users into a preset workflow that does not fit their request.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase "Paris London Rome" lacks clear boundaries and could be activated by normal discussion of popular destinations rather than an explicit request for this exact playbook. Because the skill supports transactional travel operations, this ambiguity can misroute user requests into a precomposed sequence of flights, hotels, and attractions that may not reflect user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrase "cheap Europe trip" is ambiguous and common enough to collide with many generic budget-travel queries. In this skill's context, broad matching could push users into a predefined budget playbook involving flights, hostels, museums, and rail products without sufficient confirmation, leading to inappropriate recommendations or unintended downstream booking actions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The schema stores raw user input internally while also stating that the log is not shown to users, indicating silent collection without any notice in the skill content. In a travel context, users may provide sensitive itinerary, identity, and visa-related information, so undisclosed retention of the full prompt creates a privacy risk and can violate user expectations or platform data-handling requirements.

Ssd 3

Medium
Confidence
97% confidence
Finding
The runbook combines storage of raw user input with persistent append-to-file logging, which turns transient sensitive travel queries into a durable local dataset. Persistent logs materially raise the chance of later unauthorized access, accidental disclosure, over-retention, or collection of regulated personal data, especially when the content may include booking details, locations, passport/visa information, and operational command history.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.