build-travel-hospitality-faq-page

Security checks across malware telemetry and agentic risk

Overview

This is a lightweight FAQ-writing skill for travel and hospitality content, with no install scripts, credential access, persistence, or hidden high-impact behavior.

Install is reasonable for FAQ drafting. Review all generated travel and hospitality answers before publishing, especially pricing, refunds, booking terms, accessibility, safety, legal, and policy claims; treat web_search results as draft support rather than authoritative source material.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The description is broad enough that the skill could be invoked in loosely related travel, hospitality, or marketing contexts without clear boundaries. That increases the chance of accidental activation and inappropriate use of web_search or content generation in situations where a more specific skill or additional validation would be safer.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The suggested prompt, "[Build Travel Hospitality FAQ Page] for my team," is highly generic and resembles ordinary user speech, which can cause unintended triggering or routing collisions with other general content-writing skills. In an agent environment, ambiguous activation can lead to the wrong capability being applied, producing externally facing content without sufficient scoping or review.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal