Back to skill

Security audit

Expedia

Security checks across malware telemetry and agentic risk

Overview

This Expedia skill is a disclosed travel-search and booking-prep helper with local memory and optional partner API workflows, but it requires user approval for booking or sensitive actions.

Install only if you are comfortable with local travel-planning memory under ~/expedia/ and with sending trip search details to Expedia services during live lookups. Use partner credentials only for authorized Expedia integrations, keep secrets out of notes, and approve booking or payment steps only after reviewing final price, fees, cancellation terms, traveler details, and authorization scope.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The activation scope is defined broadly as handling 'Expedia-specific' requests without clear boundaries, exclusions, or disambiguation rules. That can cause the skill to trigger on loosely related travel queries, collect/store user context unnecessarily, or steer users into Expedia workflows when a narrower or neutral response would be more appropriate.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs storing user preferences and trip-related patterns in ~/expedia/memory.md, but it does not clearly limit what data may be retained or warn about sensitive travel-related information. In a booking context, recurring destinations, trip shapes, partner capabilities, and accepted/rejected options can reveal behavioral, business, or potentially sensitive personal patterns if stored without minimization and transparency.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.