google-search-console

Security checks across malware telemetry and agentic risk

Overview

This is a guidance-only Google Search Console skill with a broad trigger description but no hidden code, install hooks, or automatic data access.

Before installing, be aware it may activate for some general SEO wording. Use it when you specifically want Google Search Console analysis, confirm the intended site property before using real data, and store exported reports or screenshots only in approved locations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger description is overly broad and includes generic SEO terms such as title tag, meta description, impressions, and CTR that can appear in many contexts unrelated to Google Search Console. This can cause the skill to be invoked when a narrower or more appropriate skill should handle the request, leading to context hijacking, incorrect guidance, or unintended access to GSC-oriented workflows/API usage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal