Plan Executive Recruiting Boutique Local Seo Faq Cluster

Security checks across malware telemetry and agentic risk

Overview

This appears to be a marketing/SEO writing skill, with some vague activation wording but no evidence of hidden execution, credential access, persistence, or harmful behavior.

Safe to install for drafting public local SEO FAQ content. Use it only for marketing copy, review outputs for recruiting/legal/compliance accuracy, and avoid applying it to candidate evaluation, hiring decisions, or sensitive employment workflows.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The description says the skill should be used for 'local SEO work' without clearly limiting it to executive recruiting FAQ clustering. That broad trigger can cause over-invocation in unrelated or higher-risk contexts, increasing the chance the agent performs unsuitable web research or generates employment-adjacent content without the intended scope controls.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The 'Use When' section is vague and does not specify when the skill should not be used, what inputs are required, or what safeguards apply. In an HR-recruitment context, ambiguous invocation guidance makes misuse more concerning because the skill could be applied to broader recruiting workflows and generate content that strays into sensitive employment-related territory.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal