Ski Resort

Security checks across malware telemetry and agentic risk

Overview

This ski travel skill is mostly a normal FlyAI/Fliggy search wrapper, but it needs review because it can install an unpinned global CLI and persist raw user queries in a hidden local log.

Install only if you trust the FlyAI CLI and are comfortable sending ski/travel queries to FlyAI/Fliggy. Prefer approving and pinning the CLI install yourself in an isolated environment, and ask the agent not to create .flyai-execution-log.json or delete that file after use if your queries include personal travel details.

SkillSpector

By NVIDIA

Vulnerability Patterns

System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This markdown file describes an internal execution log and explicitly states it is not shown to users, while the schema includes `user_query` as `{raw input}`. Because this behavior captures user-provided data and the document contains no user warning about the privacy impact, it matches the markdown-specific missing-warning criterion.

Direct Prompt Extraction

High

Category: System Prompt Leakage
Content: flyai search-poi --city-name "Changchun" --category "滑雪" ``` ## Output Rules 1. **Conclusion first** — lead with the key finding 2. **Comparison table** with ≥ 3 results when available
Confidence: 85% confidence
Finding: Output Rules

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal