Back to skill

Security audit

旅行攻略规划助手

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language travel-planning skill with only Markdown guidance and no executable code or hidden system access.

Safe to install from a security perspective. Use it when China-specific travel assumptions are helpful, and verify current visa rules, prices, exchange rates, insurance terms, and safety guidance before booking. Avoid sharing passport images, payment details, or other sensitive documents in prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The skill explicitly targets Chinese travelers and is written entirely in Chinese without asking for the user's preferred language or whether China-specific assumptions are appropriate. This can cause the agent to default to nationality- or locale-based assumptions, producing mismatched visa, payment, platform, or safety guidance for users who do not fit that profile.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.