heading-structure

Security checks across malware telemetry and agentic risk

Overview

This is a small SEO heading-structure guidance skill with no executable code, network behavior, persistence, or account access.

Install this if you want SEO guidance for page heading hierarchy. Be aware it may use local project context files to infer target keywords, so avoid keeping sensitive notes in those files if you do not want them considered during SEO-heading work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The skill description contains a long list of broad trigger terms such as "heading," "content structure," and "H2/H3," which can match many unrelated user requests and cause the skill to be invoked when it is not the best fit. Over-broad routing is a real security and reliability concern because it can steer the agent into reading project context files or applying SEO-specific guidance in unintended situations, increasing the chance of unnecessary data access or incorrect task handling.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal