festival-flight

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent flight-search integration, but it tells agents to install an unpinned global npm CLI automatically without a clear user approval boundary.

Review before installing. Only use this skill if you are comfortable sending travel search details to the flyai/Fliggy CLI, and require manual approval for any npm install. Prefer a pinned or isolated install instead of allowing an agent to modify the global npm environment automatically.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly directs the agent to install a global npm package and execute a CLI as a mandatory prerequisite, but provides no user-consent boundary, sandboxing guidance, or warning that this changes the host system and may run untrusted code. In an agent environment, this can lead to unauthorized package installation, arbitrary code execution via npm lifecycle scripts, and persistent modification of the machine.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal