China Travel

Security checks across malware telemetry and agentic risk

Overview

This is a simple travel-planning reference skill with no executable code, hidden access, persistence, or credential handling.

Safe to install as a travel-planning reference. Confirm current visa, entry, health, cancellation, and booking rules with official or trusted sources before acting, and only share passport, visa, health, or family details when necessary for the specific trip.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description is broad enough to trigger on many generic travel-related requests, which can cause the agent to invoke this skill outside a narrowly intended scope. Over-broad activation increases the chance of unintended routing, unnecessary data exposure to referenced subdocuments, or the skill influencing user tasks it was not specifically selected for.

Natural-Language Policy Violations

Medium

Confidence: 83% confidence
Finding: The metadata description says to use the skill when planning China trips, which can bias routing toward a China-specific context without first establishing that the user wants that locale. This can lead to inappropriate assumptions, misaligned recommendations, and reduced user control over destination or provider context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal