Back to skill

Security audit

Geo Template Library

Security checks across malware telemetry and agentic risk

Overview

This skill is a GEO content-template helper with no evidence of hidden execution, credential access, persistence, or destructive behavior.

Safe to install for reusable GEO content templates. Be aware it may activate for some ambiguous template requests, so invoke it explicitly for GEO or AI-citable web content when precision matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill’s trigger criteria are intentionally broad, telling the agent to consider this skill whenever a user asks for a 'template' or 'reusable structure' for GEO content, even without explicit GEO context. In a multi-skill system, this can cause over-invocation, routing generic template requests into a specialized SEO/GEO workflow and potentially producing irrelevant or misaligned outputs.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The instruction to trigger on broad inferred intent rather than tightly scoped conditions increases the chance that the skill will be selected based on ambiguous language. This weakens routing precision and can let the skill override more appropriate domain-specific skills, leading to unintended behavior, wasted tokens, or policy-bypassing through misclassification of user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.