Security audit

graduation-trip

Security checks across malware telemetry and agentic risk

Overview

This travel skill is mostly coherent, but it tells agents to automatically install an unpinned global CLI and send trip details to an external service without clear user control.

Review this before installing if you are not comfortable with an agent modifying your system. Use it only after you explicitly approve installing the flyai CLI, preferably in an isolated environment, and assume your route, dates, and travel preferences will be shared with the FlyAI/Fliggy-backed service when searches run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill explicitly says agents must never invent unlisted CLI parameters, yet Playbook D later uses `--journey-type 1`, which is not defined in the Parameters table. This inconsistency can cause agents to execute unsupported flags or normalize unsafe behavior where undocumented parameters are accepted without validation.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation criteria include broad phrases such as `plan a trip`, which overlap with ordinary travel-planning requests well beyond the advertised graduation-trip scope. Over-broad activation can cause the agent to invoke this skill unexpectedly, leading to unnecessary external queries, package installation attempts, and disclosure of user itinerary details to third-party tooling.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs the agent to install `@fly-ai/flyai-cli` globally if the tool is missing, but provides no user-facing warning or consent step before making a system change. Silent installation of external software increases supply-chain and environment-modification risk, especially in agentic contexts where users may not expect package installs.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill mandates sending travel search parameters through an external CLI/service but does not warn users that itinerary details such as origin, destination, and dates will leave the local context. In travel workflows, these details can reveal personal plans and should not be transmitted without transparent notice and consent.

Vague Triggers

Medium
Confidence: 74%
Finding
The fallback condition '0 results from above playbooks' is underspecified, which can cause broad-search behavior to activate unexpectedly and issue a keyword query built from user-controlled origin and destination fields. In a travel skill this is more concerning because fallback expands scope from structured parameterized search to looser query construction, increasing the chance of unintended external searches, noisy results, or misuse if inputs are malformed.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.