Google Search Console

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Google Search Console helper with no hidden code or install-time behavior, though users should be mindful when connecting real GSC data.

Safe to install as a GSC analysis guide. When using it with live Search Console data, authorize only the intended Google property, confirm before running API exports or making indexing/disavow changes, and avoid sharing exported analytics unless appropriate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The skill's invocation description includes many broad SEO-related terms such as title tag, meta description, impressions, and CTR that can appear in contexts not requiring Google Search Console access. This can cause the agent to invoke the skill in unrelated conversations, creating scope creep, incorrect tool selection, and possible unnecessary access to GSC data or misleading analysis.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal