Airbnb Host Operations

Security checks across malware telemetry and agentic risk

Overview

This is a short-term rental operations instruction skill that asks for sensitive host details, but it has no code, install scripts, credentials, hidden actions, or automatic account-control behavior.

Install only if you are comfortable sharing short-term rental operational details with your agent. Provide the minimum needed information, avoid unnecessary full addresses or personal contact details where placeholders work, and review any drafted guest messages, vendor coordination, pricing suggestions, tax reminders, or saved logs before acting on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The setup instructions explicitly ask users to provide sensitive operational data, including property addresses, listing URLs, cleaning team contact information, and compliance details, without any privacy notice, minimization guidance, or handling restrictions. In the context of a short-term rental operations skill, this data could enable targeting of physical properties, social engineering of vendors, or misuse of business-sensitive information if exposed or retained insecurely.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal