Gingiris SEO/GEO Agent

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SEO/GEO operations playbook with credential use and publishing workflows that fit its stated purpose.

Install only if you want an agent to help with SEO operations. Before giving it credentials, use least-privilege API keys, keep OAuth and payment steps under human control, and review any generated content or publishing actions before they affect public sites or analytics.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list contains broad, high-frequency phrases such as "SEO agent," "SEO automation," and "keyword mapping" that are likely to match ordinary user conversations rather than deliberate skill invocation. This can cause the skill to activate in unintended contexts, injecting automation-oriented SEO instructions into unrelated sessions and increasing the attack surface for prompt hijacking or workflow confusion.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal