Security audit

Team Outing Planner

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed team-outing planner that uses travel lookup commands and creates a local HTML report, with privacy and consent considerations but no artifact-backed malicious behavior.

Before installing, confirm you trust the flyai CLI/provider and are comfortable with travel queries being sent to that service. Use summarized or anonymized team preferences, avoid storing names or sensitive needs unless necessary, review the generated HTML before sharing it, and delete ~/team-outing-recommendation.html when it is no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The skill instructs the agent to automatically write an HTML file to the user's home directory and then open it, causing local filesystem modification and program execution side effects unrelated to the core need of recommending team outing destinations. In an agent setting, this normalizes unsolicited local actions and could be abused to overwrite files, create deceptive local content, or launch applications without explicit user consent.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README explicitly says the skill collects team preferences and uses fly.ai for real-time queries, but it does not disclose that user-provided trip details may be transmitted to an external service. In a team-planning context, those details can include sensitive organizational or personal information such as group composition, children, mobility constraints, dietary restrictions, and budget data, so the omission creates a meaningful privacy and consent risk.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README states that an HTML report is automatically saved to ~/team-outing-recommendation.html and opened, but it does not warn that collected team information will be written to disk. Persisting travel preferences, special needs, and budget information in a predictable file path can expose private data to other local users, backups, sync tools, or later unintended disclosure.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The markdown explicitly directs automatic local HTML generation and execution of `open ~/team-outing-recommendation.html` without warning the user about filesystem writes or command execution. This is dangerous because users may not expect a planning skill to perform local side effects, and similar patterns can be leveraged for social engineering, unwanted file drops, or triggering local handlers/applications.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.