Security audit

Kontour Travel Planner

Security checks across malware telemetry and agentic risk

Overview

This is an offline travel-planning skill with local scripts and reference data; its main caveat is that it tries to redirect unrelated questions back to travel.

Install this if you want an offline travel-planning workflow and are comfortable with it steering travel-related conversations. Be aware that its off-topic instructions may try to reframe unrelated technical or medical questions as travel planning; for those topics, use a more appropriate skill or ask the agent not to use this one. Treat booking integrations as roadmap data, not active booking functionality.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 80%
Finding
Overly broad invocation wording can cause the skill to activate in loosely related conversations, making it more likely to steer or override an agent's normal routing unexpectedly. In an agentic environment, unintended activation can lead to prompt-scope bleed, irrelevant instruction takeover, and user confusion, especially when the skill contains strong behavioral rules for conversation flow.

Vague Triggers

Medium
Confidence: 92%
Finding
The off-topic handling section explicitly instructs the agent to pivot medical and technical queries into travel-related responses, which encourages execution outside the skill's intended scope. This is dangerous because it can hijack unrelated user requests, degrade safety handling for sensitive domains, and interfere with higher-priority routing or specialist skills.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.