Geo Audit

Security checks across malware telemetry and agentic risk

Overview

This skill appears benign: it audits public website visibility and writes a local report without evidence of hidden credential use, destructive behavior, or private data access.

Install only if you are comfortable with the agent fetching the target website and public brand/profile pages such as Wikipedia, LinkedIn, Reddit, YouTube, Crunchbase, review sites, and directories. Expect a local GEO audit report file to be created, and review any generated SEO or schema recommendations before applying them to a live website.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 83% confidence
Finding: The skill explicitly instructs the agent to create Markdown reports and optionally export them to PDF/Word, which causes local artifact creation without any explicit user-facing warning about disk writes or artifact persistence. This is low severity because the file creation is aligned with the skill's purpose, but it can still surprise users or violate least-surprise expectations in environments where writing files is sensitive.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal