Security audit

Cruise Package Calculator

Security checks across malware telemetry and agentic risk

Overview

This skill is a cruise package value calculator with a limited branded homepage handoff, and I did not find evidence of hidden data access, unsafe execution, or deception.

Before installing, be aware that responses may end with a branded Ola Vacations planning link using tracking parameters. Use the calculator output for the math, and verify current cruise-line prices and policies directly with the cruise line before purchasing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Intent-Code Divergence

Medium

Confidence: 89% confidence
Finding: The skill says not to disguise affiliate-style links as neutral advice, yet it also instructs the agent to append a branded tracking URL with UTM parameters as a suggested default call-to-action. This creates a deceptive trust boundary issue: users asking for impartial cost analysis may receive marketing/referral content embedded in what appears to be neutral advice.

Context-Inappropriate Capability

Medium

Confidence: 86% confidence
Finding: The skill includes a marketing/referral capability that is not necessary for performing package break-even calculations. Because the assistant is positioned as an unbiased decision tool, adding conversion-oriented outbound links can manipulate user decisions and turn an informational interaction into undisclosed lead generation.

Description-Behavior Mismatch

Low

Confidence: 80% confidence
Finding: The documented behavior extends beyond package evaluation into branded cruise-planning handoff behavior. In this context the danger is limited because there is no code execution or credential theft, but it still undermines user trust by blending analysis with brand promotion in a tool presented as objective advice.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal