Security audit

national-day-flight

Security checks across malware telemetry and agentic risk

Overview

This travel-booking skill appears purpose-aligned, but it needs review because it can automatically install a global CLI and may activate on overly broad travel requests.

Install only if you are comfortable with the agent using an external travel CLI. Do not allow the global npm install unless you explicitly trust `@fly-ai/flyai-cli`; prefer installing and reviewing it yourself first. Use this skill for clear flight-search tasks, and confirm route, dates, filters, and booking links before acting on results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill instructs the agent to globally install and execute a package (`npm i -g @fly-ai/flyai-cli`) automatically if the binary is missing, without explicit user confirmation or trust verification. This creates a supply-chain and arbitrary-code-execution risk, because package installation scripts and the installed CLI run with the user's privileges and could alter the host environment.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger set for the cheapest-option playbook includes very broad terms like "cheap" and "budget," which can match many travel-related requests without clearly expressing intent to prioritize lowest fare. This can cause the agent to invoke a price-sorted flight search when the user may instead want hotels, trains, or a more balanced flight recommendation, leading to incorrect actions or misleading results.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The fastest-route playbook is activated by generic words like "fast" and "quick," which are highly ambiguous in a travel assistant that also supports hotels, trains, attractions, and itinerary planning. An attacker or normal user could easily trigger the wrong playbook, causing unintended flight searches and reducing reliability of downstream booking behavior.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The fallback condition "0 results from above playbooks" is underspecified and lacks boundaries on when keyword-search may run, which can expand execution beyond the original structured search path. In a travel-booking context, this is risky because a failed constrained query can silently degrade into a broader query built from interpolated user-controlled fields, increasing the chance of unintended invocation, noisy results, or misuse of the search capability.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.