Austria

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Austria travel-planning skill that keeps optional trip notes locally and shows no evidence of hidden execution, credential use, network access, or destructive behavior.

Install only if you are comfortable with Austria trip details being saved locally in ~/austria/memory.md for future planning. Review or delete that file if you do not want dates, budget, mobility, family, or route constraints retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to create and maintain a persistent local memory file containing user trip preferences and constraints, but it does not direct the agent to disclose that storage to the user or obtain consent. This creates a privacy and transparency risk because users may reveal sensitive travel details, budgets, mobility needs, or family-related constraints without realizing that the information will be retained across sessions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal