sabbatical-travel

Security checks across malware telemetry and agentic risk

Overview

This travel-booking skill is not clearly malicious, but it needs Review because it tells agents to automatically install an unpinned global third-party CLI before searching flights.

Install only if you are comfortable with an agent installing and running the `@fly-ai/flyai-cli` package globally. Prefer preinstalling or approving a trusted pinned version yourself, and use the skill for flight searches only. Travel searches will be processed through the external flyai/Fliggy service, so avoid sharing unnecessary personal itinerary details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs the agent to install and execute a global npm package without requiring explicit user consent or warning that this modifies the host environment. In an agent setting, this can lead to unreviewed package installation, supply-chain exposure, and persistent system changes on the user's machine or runner.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger terms for the cheapest-flight playbook include broad words like "cheap" and "budget," which can appear in many travel-related user requests that do not specifically ask to optimize for lowest price. This can cause the skill to invoke a cost-focused search path unexpectedly, leading to misleading results, incorrect recommendations, or user actions based on the wrong optimization criteria.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The fastest-route playbook is triggered by generic terms like "fast" and "quick," which are context-ambiguous and may refer to response speed, booking process, or other non-routing concerns. This ambiguity can cause the wrong playbook to run and bias search results toward speed rather than the user's actual preference.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The fallback condition "0 results from above playbooks" is underspecified because it does not define evaluation order, result quality thresholds, or whether user constraints should be preserved before broadening the search. In a travel-booking skill, this can lead to unintended fallback execution, looser queries, and irrelevant or misleading search results that do not match the original request.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal