Back to skill

Security audit

United Kingdom

Security checks across malware telemetry and agentic risk

Overview

This is a coherent UK travel-planning skill that stores trip notes locally and does not include code, network behavior, credential use, or hidden privileged actions.

Install if you want a UK trip-planning assistant that remembers local planning context. Before using it, choose the narrow activation option if you do not want it to trigger on general UK place mentions, and avoid saving sensitive travel, family, mobility, or immigration details unless you are comfortable keeping them in ~/uk/memory.md. You can review, edit, or delete that local file to clear saved context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation rules are broad enough to trigger on many generic UK-related mentions, which can cause the skill to activate without clear user intent. In context, that can lead to unnecessary collection and persistence of trip preferences, making the over-triggering more risky than a simple UX issue.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This instruction tells the agent to save user preferences to a local memory file without notifying the user that their data will be persisted. Even though the data is travel-related, it can include sensitive behavioral and scheduling details, and undisclosed retention violates user expectations and privacy principles.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs storage of detailed trip timing, constraints, priorities, and reservation information without any disclosure of retention or access boundaries. In a travel context, these details can reveal future whereabouts, habits, and limitations, so silent persistence creates meaningful privacy and profiling risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.