SEO & GEO Dual-Engine — Rank on Google + Get Cited by AI Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SEO/GEO marketing playbook, but it needs review because it includes API-key commands that can publish public content without clear approval safeguards.

Install only if you want a marketing playbook that may guide agents to submit URLs and cross-post articles. Treat IndexNow and Dev.to keys as secrets, keep them in environment variables or a secret manager, and require explicit approval before any curl command posts, publishes, or transmits content to an external service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill includes concrete API request examples using keys and publishing endpoints without any warning about credential sensitivity, external transmission, or confirmation before posting. In an agent setting, this can normalize sending secrets to third parties or encourage accidental publication to external services.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal