Back to skill

Security audit

corporate-travel

Security checks across malware telemetry and agentic risk

Overview

This is a coherent corporate flight-search skill, but it depends on an external FlyAI CLI and includes an automatic global npm install step users should approve first.

Install only if you trust the FlyAI npm CLI and are comfortable sharing corporate travel search details with FlyAI/Fliggy. Approve any global npm installation explicitly, and consider running it in a managed or sandboxed environment for corporate use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The skill explicitly tells the agent to never invent CLI parameters and to use only flags listed in the Parameters Table, but the direct-flight playbook uses an undocumented `--journey-type` flag. This inconsistency can cause execution failures or encourage the agent to rely on contradictory instructions, which weakens safety guarantees around command construction and makes behavior less predictable.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to run `npm i -g @fly-ai/flyai-cli` automatically if the CLI is missing, which modifies the host environment without explicit user approval. Installing a global package can introduce supply-chain risk, alter system state, and violate least-privilege expectations, especially in enterprise or multi-tenant execution environments.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The fallback playbook silently expands from a structured flight search to a broader keyword search, which changes the retrieval scope without notifying the user. In a corporate travel context, this can surface less curated or unintended results and may process user itinerary details in a broader search path than the user expected, increasing privacy and trust risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.