Security audit

Resort Snow Checker

Security checks across malware telemetry and agentic risk

Overview

This is a simple snow-and-weather lookup skill that uses web search and does not include executable code or hidden privileged behavior.

Before installing, understand that the skill will likely search the web using the resort name and travel date you provide. Avoid including sensitive trip details, and verify closures, avalanche warnings, and severe weather with official resort or local safety sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill description claims it can handle "ANY ski resort globally," which creates an overly broad invocation scope without clear trigger boundaries or narrowing criteria. This can cause the agent to activate in unintended contexts, increasing the chance of inappropriate tool use, user confusion, or prompt-routing collisions with other travel/weather-related skills.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal