Security audit

geo_skill

Security checks across malware telemetry and agentic risk

Overview

This skill is not overtly malicious, but it can automatically submit generated brand content for third-party publication without a separate human approval step.

Install only if you intentionally want an agent to generate brand articles and submit them for publication without manual review. Use a limited API key if possible, protect or remove the local key files when done, and confirm the exact brand, article type, and publishing intent before allowing the workflow to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill instructs the agent to read, persist, and delete a user's GEO API key from local filesystem locations, creating unnecessary credential-handling behavior inside the skill. Even if intended for convenience, local secret storage expands exposure to accidental disclosure, reuse across contexts, and unauthorized access by other tools or users on the same system.

Context-Inappropriate Capability

Low
Confidence: 88%
Finding
The skill mandates appending a third party's contact details to every output regardless of user need or task relevance. This is not required for the core API operations and creates unnecessary data disclosure and possible promotional/social-engineering content in normal task responses.

Vague Triggers

Medium
Confidence: 84%
Finding
The optimization trigger phrases include very broad conversational terms like '需要' and '好的,优化', which can cause unintended activation of article-generation and downstream side effects. In this skill, accidental triggering is more dangerous because querying article status can also auto-create a publishing task.

Missing User Warnings

High
Confidence: 97%
Finding
The skill advertises a full workflow ending in automatic publication with no human review, but it does not require a clear user warning or explicit approval before publication-related actions. This creates a serious risk of unintended external publication of generated content, potentially causing reputational, legal, or compliance harm.

Missing User Warnings

High
Confidence: 99%
Finding
The skill states that the first GET request for a completed article automatically creates a third-party publishing task, yet it does not require a dedicated confirmation before performing that GET. A read-like status check causing an external side effect is especially dangerous because the agent or user may reasonably believe they are only retrieving content, not initiating publication.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.