Security audit

unaccompanied-minor

Security checks across malware telemetry and agentic risk

Overview

This flight-search skill is not clearly malicious, but it gives the agent broad travel triggers and tells it to install a persistent global third-party CLI without explicit user approval.

Review before installing. Use it only if you are comfortable letting your agent run flyai and, if missing, install @fly-ai/flyai-cli globally; approve that install yourself, verify the package source, and treat the skill as mainly a flight-search helper rather than the broader travel-service tool described.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium (92% confidence)
The skill says agents must never invent CLI parameters and may only use flags listed in the Parameters Table, but elsewhere maps unaccompanied-minor queries to `--journey-type 1`, which is not declared in that table. This inconsistency can cause agents to rely on undocumented behavior, fail unpredictably, or normalize use of hidden parameters without validation.

Vague Triggers

Medium (86% confidence)
The activation triggers include broad phrases such as 'travel booking' and 'trip search', which can cause this skill to activate for many unrelated travel requests outside its stated unaccompanied-minor scope. Over-broad activation increases the chance the agent follows this skill's stronger execution rules in inappropriate contexts, including running commands or installing tools when a narrower skill should have handled the request.

Missing User Warnings

Medium (98% confidence)
The skill mandates installing a global npm package (`npm i -g @fly-ai/flyai-cli`) if the CLI is missing, without user approval, provenance checks, or sandboxing guidance. This creates a supply-chain and unauthorized system modification risk because the agent may execute networked package installation and alter the host environment simply to answer a user query.

Vague Triggers

Medium (90% confidence)
The trigger phrases "cheap" and "budget" are very broad and can appear in many travel-related or even unrelated user requests, increasing the chance that this flight-search playbook activates when the user did not specifically ask for flight results. In a multi-capability travel skill, such overbroad routing can cause incorrect tool use, irrelevant results, and unintended handling of user itinerary data.

Vague Triggers

Medium (88% confidence)
The trigger phrases "fast" and "quick" are ambiguous because they do not inherently indicate flights and may refer to booking speed, itinerary planning, trains, or other services supported by the skill. This can lead to unintended activation of the fastest-flight workflow and produce actions or recommendations that do not match the user's actual intent.

Vague Triggers

Low (80% confidence)
The fallback condition "0 results from above playbooks" is underspecified because it does not define whether retries, user confirmation, or tighter validation should occur before broadening the search. In this skill, that ambiguity is risky because the fallback expands into a generic keyword search, which may retrieve less precise content and trigger behavior outside the user's original unaccompanied-minor or flight-search intent.

VirusTotal

65/65 vendors flagged this skill as clean.
