Back to skill

Security audit

Geo Hallucination Checker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent content-review skill for flagging unsupported claims, with no evidence of hidden access, persistence, credential use, or destructive behavior.

Reasonable to install for reviewing drafts, citations, and high-risk claims. Treat its output as a screening aid, not a final authority; verify medical, legal, financial, scientific, or current factual claims against authoritative sources before publishing or relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill promises fact-checking and detection of fabricated studies or incorrect conclusions, but the documented behavior relies heavily on heuristic flagging and conditional verification ('if tools are available and allowed'). That gap can cause users or downstream agents to treat unverified content as vetted, creating a false sense of assurance in high-stakes domains like medical, legal, or financial content.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger guidance is very broad ('use whenever the user asks... ensure generated content is grounded in real evidence'), which can cause unnecessary or incorrect invocation across many content tasks. Over-invocation increases the chance that heuristic outputs are applied where rigorous verification is expected, amplifying the mismatch between advertised and actual assurance.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The instruction to 'assume they are and apply this skill' when unsure creates an ambiguous default-trigger condition. In orchestration systems, this can lead to the skill being used as a catch-all validator even when it cannot truly verify claims, causing overblocking, misleading risk labels, or misplaced trust in its judgments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.