Security audit

Locate your position on modern Windows

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it helps a Windows user run a PowerShell script that returns the device’s location, but users should treat the output as sensitive personal data.

Install only if you are comfortable with the assistant helping access and display this Windows device’s physical location. Run it only after the user clearly asks for device geolocation, avoid sharing exact coordinates unnecessarily, and consider reducing precision before pasting the results into chats, logs, tickets, or third-party services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill collects and outputs precise device latitude/longitude and accuracy without an explicit privacy warning, consent reminder, or data-handling caution. Because precise location is highly sensitive personal data, invoking this skill without clear user awareness could expose a user's whereabouts or enable downstream misuse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.