Back to skill

Security audit

Gingiris Seo Geo Agent

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only SEO automation skill, but it asks users to let an agent use third-party SEO accounts, API keys, publishing tokens, and site-changing workflows without strong approval or least-privilege guardrails.

Review this carefully before installing if you would connect it to real sites or accounts. Use project-scoped, least-privilege credentials; avoid personal or root tokens; keep secrets in a proper secret manager; set API budget limits; and require human approval for publishing, deploying, robots.txt changes, IndexNow pushes, and any paid or public-facing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README encourages an autonomous agent to access Google Search Console, GA4, API-backed SEO tools, and perform site-affecting actions such as IndexNow pushes, but it does not include clear guardrails around credential handling, scope limitation, approval requirements, or the risks of automated changes. In an agent-skill context, this omission can lead users to grant broad third-party access and permit unsupervised actions that expose analytics/search data or cause unintended production changes.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list is extremely broad and includes many generic SEO phrases such as "SEO agent," "SEO automation," "keyword mapping," and "IndexNow," which can cause the skill to activate for ordinary user requests unrelated to this specific SOP. Over-broad invocation increases the chance that the agent injects operational instructions or automation behaviors in contexts where the user did not explicitly request this skill, creating prompt-scope confusion and unintended action risk.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The SOP recommends opening robots.txt access to multiple AI crawlers as part of a "GEO triple combo" without warning about content exposure, privacy, licensing, or organizational policy implications. In practice, this can lead users to permit third-party AI ingestion of content or endpoints they did not intend to expose, especially if they follow the playbook mechanically.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The SOP tells users to give API keys and other credentials to the agent, but it does not define least-privilege access, storage/rotation requirements, scope restrictions, or the risk of letting an autonomous agent use credentialed third-party services. Even though it briefly says not to place keys in shared files, the overall workflow still encourages handing powerful secrets to the agent, which could enable unauthorized API usage, data exfiltration, account abuse, or cost-incurring actions if the agent or its runtime is compromised.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.