Geox Ground

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only geoscience reasoning skill; its broad activation language may be annoying, but it does not install code, request credentials, or send data anywhere.

Install this if you want stricter evidence labeling for geology, seismic, wells, petrophysics, and subsurface reasoning. Be aware it may trigger on generic terms in non-geoscience contexts, and treat its outputs as advisory for safety-critical or operational decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The manifest description says to activate when 'any claim involves' a wide range of Earth-domain concepts and when 'Arif asks about geoscience topics,' which does not clearly bound when the skill should not activate. This broad phrasing could cause unintended invocation for incidental mentions of terms like materials, fluids, pressure, or depth in non-geoscience contexts.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill activates for questions containing words such as 'structure,' 'pressure,' and 'depth,' which are common across many unrelated domains. Without exclusions or contextual qualifiers, this trigger list is ambiguous and risks collisions with everyday or other technical conversations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal