Visa Itinerary Gen

Security checks across malware telemetry and agentic risk

Overview

This skill coherently generates visa itinerary documents and booking-link files, with disclosed external travel searches and user-approved dependency installs.

Install only if you are comfortable with flyai/Fliggy receiving your trip search details and with adding the flyai CLI plus Playwright/Chromium to your environment. Review generated booking links and itinerary details before using them for a visa application or booking travel.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The activation criteria cover broad visa and travel-document requests, so the skill may trigger in situations beyond simple itinerary generation. Over-broad triggering can cause inappropriate tool invocation, unnecessary external queries, and generation of travel-booking artifacts when the user wanted general advice or different document help.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The regex patterns are permissive and can match many ordinary mentions of visas, plans, or travel documents without confirming that the user wants this specific skill. This increases accidental activation risk and may route sensitive travel conversations into a workflow that installs tools, calls external services, and writes local files.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal