Back to skill

Security audit

目的地国家/地区旅行安全与禁忌提示

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed static travel-safety HTML guide generator, with no hidden code execution, credential use, or privileged behavior found.

Before installing, note that this skill is tailored for Chinese-language travel cards and Chinese consular information. Verify emergency numbers, legal guidance, embassy details, and safety advice against official current sources before relying on them, and review generated HTML before sharing it because it may include your destination and travel preferences.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description uses very broad travel-related trigger phrases, which can cause the agent to invoke this skill for generic travel questions that do not actually require its specialized behavior. Over-broad activation increases the chance of unintended data collection, irrelevant HTML file generation, or routing users away from more appropriate skills, which is a real security and safety boundary issue in agentic systems.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill hardcodes Chinese-language/localized output expectations and specifically requires Chinese embassy or consulate information regardless of the user's language or nationality. This can produce mismatched emergency guidance, reduce usefulness in urgent situations, and expose users to incorrect assumptions about consular support, especially when the user is not a Chinese national.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.