Chile

Security checks across malware telemetry and agentic risk

Overview

This Chile travel-planning skill is coherent and locally scoped, with a transparency caveat around its trip-memory file.

Install only if you are comfortable with the agent keeping Chile trip preferences in ~/chile/memory.md. Review or delete that file if you do not want past dates, budget, mobility, dietary, or itinerary constraints reused later.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill directs the agent to create and update a persistent file in the user's home directory to store travel preferences and constraints, but it does not require explicit disclosure or consent before writing that data. Persistently storing user data without clear notice can violate user expectations, create unnecessary retention of personal information, and expose that information to later unintended access by the agent or other local processes.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The instruction to read the user's memory file 'silently' means previously stored preferences and constraints may be accessed without informing the user at the time of access. Hidden retrieval of persisted personal data undermines transparency and informed consent, and can surprise users who do not realize earlier conversations or stored files are being reused.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal