Trip Search

Security checks across malware telemetry and agentic risk

Overview

This travel-search skill appears to do what it says: use web search to find flights, hotels, and transport options, with only a minor risk of activating on broad travel questions.

Install only if you want the agent to perform live travel searches. Use clear wording when you want current flight, hotel, or transport comparisons, and avoid including sensitive personal details unless needed for the search.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation examples for hotel and transport queries are broad enough that the skill may trigger during general travel discussion rather than an explicit request to perform live search. That can cause unintended web access, unnecessary data retrieval, and booking-link generation when the user may only be brainstorming or asking informational questions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal