Back to skill

Security audit

Jinko

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed flight and destination search integration that sends travel queries to Jinko’s external MCP service.

Install only if you are comfortable sending flight-search and destination-planning details to Jinko’s MCP service. For ambiguous travel planning conversations, confirm before asking the agent to search so it does not share unnecessary itinerary details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill advertises itself for broad 'travel-planning' and 'destination-discovery' requests, which can cause it to activate in conversations that are not specifically asking for flight search. Over-broad triggering can lead to inappropriate tool invocation, unnecessary data sharing with the external Jinko MCP service, and reduced user control over when third-party services are used.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.