Beauty GEO Writer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a prompt-only skill with a language/formatting rigidity issue, not evidence of hidden access or harmful behavior.

Install only if you are comfortable with the skill tending to answer in Chinese and follow strict Chinese-character length rules. Users who need multilingual or accessibility-sensitive output should adjust the skill instructions or avoid relying on it for non-Chinese tasks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The skill hard-codes Chinese-language output behavior and Chinese-character length constraints without stating that this should only apply when the user requests Chinese. In a prompt-only skill, this can override or conflict with user intent, reduce accessibility, and cause the model to ignore system or user language preferences, which is a real prompt-safety and quality-control issue even though it is not directly a code-execution risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal