Europe

Security checks across malware telemetry and agentic risk

Overview

This is a Europe travel and relocation guidance skill with disclosed optional local memory and no executable code or hidden access.

Install if you want Europe-specific travel or relocation help. Use the ~/europe/ memory file only if continuity is useful, review or delete it when plans change, and avoid saving identifiers, financial details, insurance IDs, or full addresses.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The template instructs creation of a persistent memory file that may store sensitive personal context such as nationality, visa posture, family needs, healthcare sensitivities, and location plans. Although it says to create the file only if the user wants continuity and to avoid full identifiers by default, it does not require an explicit privacy notice, consent flow, retention limit, or minimization guard before persisting potentially sensitive data across sessions.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The setup instructs activation 'whenever the user mentions Europe at all,' which is an overly broad trigger that can cause the skill to engage outside the user's intended scope. This creates a privacy and autonomy risk because the agent may start collecting Europe-related preferences or steering the conversation into region-specific logic without clear user opt-in.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal