Back to skill

Security audit

Travel Language Barrier Navigator

Security checks across malware telemetry and agentic risk

Overview

This is a low-impact travel language planning skill that runs only local parsing and returns informational JSON guidance.

Install this only if you want descriptive travel communication planning. It does not book travel, fetch live information, or provide professional medical/legal advice, so verify emergency contacts, translations, and local requirements with official or trusted sources before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger guidance is broad enough that the skill may activate for generic travel or communication queries outside its intended scope. Overly broad activation increases the chance of unintended invocation, context hijacking, or the model supplying this skill's heuristics when a more appropriate or safer workflow should handle the request.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The example prompts contain generic wording like 'provide language framework' and 'help me with ... for my trip' that could match many unrelated travel or language tasks. Ambiguous examples train broad invocation behavior, which can cause accidental routing, poor task isolation, and increased exposure to prompt-confusion issues in multi-skill environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.