Security audit

Geo Local Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill provides local-search planning guidance and does not show hidden execution, credential use, persistence, or destructive behavior.

Safe to install for local business GEO planning. Be aware it may activate broadly for local-business search or discovery conversations, and only provide addresses, service areas, listing URLs, and review details you are comfortable using in that planning context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill metadata and top-level description instruct the agent to use this skill whenever local-business topics are mentioned, with very broad examples and no meaningful exclusion criteria. This can cause over-invocation of the skill on ordinary conversations about local businesses, increasing the chance of irrelevant workflow takeover, scope creep, and misrouting of user requests.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The 'When to use this skill' section repeatedly uses broad directives such as 'Invoke this skill whenever' and 'should be strongly considered' based on loose signals like geography plus desire for customers to find the business. Without sharper boundaries, the orchestrator may select this skill for many standard marketing or business conversations that do not actually require this specialized local GEO workflow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal