Argentina

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for travel planning, with the main caveat that it may store personal trip details in a local memory file.

Safe to install if you are comfortable with a travel assistant keeping local trip memory. Before using it, check where the memory file is written, avoid storing unnecessary sensitive immigration or identity details, and delete or edit the file after the trip if you do not want those details retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The setup instructions direct the agent to create and maintain a persistent local memory file containing travel details such as nationality, visa status, dates, budget, mobility needs, and border plans, but provide no notice, consent, retention limits, or sensitivity guidance. This creates a privacy risk because personal trip data may be stored on disk unexpectedly and later accessed, reused, or exposed to other local users, tools, or logs.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal