Brand Visibility Overview

Security checks across malware telemetry and agentic risk

Overview

This skill transparently connects to GEOly AI to retrieve brand visibility metrics and does not include hidden code execution, persistence, or credential access.

Install this only if you are comfortable sending brand visibility requests and related business context to GEOly AI. Avoid using it with confidential unreleased brand, campaign, or competitive strategy details unless that sharing is acceptable under your organization's data rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly instructs the agent to connect to an external MCP endpoint, but it provides no user-facing disclosure, consent step, or explanation of what data may be sent off-platform. In a brand-monitoring context, prompts may include company names, time ranges, internal brands, or other business-sensitive context, so silent transmission to a third-party service creates a real privacy and data-governance risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal