Back to skill

Security audit

Colombia

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Colombia travel-planning skill with a disclosed local memory file as its main privacy consideration.

Install if you want a Colombia-specific planner that keeps local trip context. Review ~/colombia/memory.md periodically, and avoid saving passport, health, mobility, child-travel, or exact itinerary details you do not want retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to create and maintain persistent files in the user's home directory without any requirement to notify the user, obtain consent, or explain retention. Even though the data is travel-oriented rather than highly sensitive by default, writing to persistent storage can silently accumulate personal information and creates privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill directs collection and persistence of travel details such as nationality, travel window, mobility constraints, language comfort, and health-related constraints without a privacy warning or consent flow. These details can reveal sensitive personal attributes, and storing them for future use increases the risk of profiling, unintended disclosure, or misuse if the environment or files are accessed by others.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.