France

Security checks across malware telemetry and agentic risk

Overview

This France travel skill is a coherent local guide, with the main consideration that it stores trip preferences in a local file for reuse.

Install if you are comfortable with a local ~/france/memory.md file storing trip context. Avoid saving sensitive confirmation numbers or unnecessary personal details, and review, edit, or delete that file when you no longer want the skill to remember your France trip preferences.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to create and maintain a persistent file in the user's home directory containing trip preferences and constraints, but it never requires explicit user consent, disclosure of retention, or limits on what gets stored. This creates a privacy and data-handling risk because travel dates, budget, mobility needs, and dietary constraints can be sensitive and may be retained or reused unexpectedly.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The skill directs the agent to persist user-supplied travel details and reuse them later without defining data minimization rules or excluding sensitive information. Because the prompted fields include mobility constraints, dietary constraints, budget, and itinerary timing, the memory file could accumulate personal data that is later surfaced, mishandled, or exposed beyond the user's expectations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal