Ireland

Security checks across malware telemetry and agentic risk

Overview

This Ireland travel-planning skill is coherent and locally scoped, but users should know it saves and reuses trip preferences on their device.

Install this if you want Ireland trip advice that can remember your plans. Before sharing details, consider that ~/ireland/memory.md may store travel dates, budget, dietary needs, mobility needs, and booking notes for later reuse; review, edit, or delete that file if you do not want those details retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The setup flow instructs the agent to create and maintain a persistent local memory file containing trip context, including potentially sensitive preference and constraint data, without informing the user that data will be stored locally. This creates a privacy and consent issue because users may disclose budget, dietary, mobility, and travel details without understanding they are being retained across sessions.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The returning-user flow explicitly tells the agent to read stored trip data silently and reuse it without disclosure, which bypasses user awareness of persistent state. Silent retrieval of prior personal preferences and constraints can surprise users and undermine privacy expectations, especially when the stored data may include sensitive mobility, dietary, or budget information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal