Back to skill

Security audit

GEO Growth Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent GEO content workflow that generates reports and draft plans, with clear human-review and no-auto-publishing safeguards.

Install only if you want a GEO/reporting workflow that may process business materials, create local Markdown/JSON artifacts, and print full reports in chat by default. Do not provide API keys unless you intentionally want live probing, and manually review every generated draft before publishing anywhere.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill explicitly instructs use of local scripts, reading references, and saving artifacts locally, which implies file read/write and shell-like execution capabilities without any declared permission boundary. In an agent environment, undeclared capabilities can cause the skill to be invoked with stronger operational effects than the user expects, increasing the risk of unintended file modification or execution of local tooling.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The schema explicitly allows `relative_path` values beginning with `../`, which can reference parent directories outside the expected working area. In a workflow/orchestration skill, this creates an unnecessary path traversal primitive that could be abused by downstream components to read from or write to unintended locations if they trust schema-valid input.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The file states that routing never implies auto-publishing, but the platform map routes CSDN and Juejin to skills explicitly named as publishers. In an orchestrator context, that naming and linkage create a real risk that downstream automation or future maintainers treat routing as publication-capable, causing unintended content publication despite the documented human-review requirement.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The description is broad enough to match many generic GEO, SEO, reporting, and content-generation requests, which can cause the skill to activate outside its narrow intended context. Over-broad routing is dangerous because it may trigger file/script behaviors and produce authoritative-seeming audit claims in situations where the user did not intend to invoke this workflow.

Missing User Warnings

Low
Confidence
76% confidence
Finding
The skill states that it should save artifacts locally when working locally, but it does not require a user-visible warning or confirmation before file creation. This can lead to unexpected persistence of potentially sensitive business inputs, reports, or screenshots on disk, especially in shared or semi-automated environments.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The template hard-codes Chinese as the required output language and explicitly says the full report must be emitted into the current chat unless the user asks for a summary. This can override user language preferences and increase the chance of unnecessary disclosure of large, potentially sensitive client analysis directly in the conversation rather than keeping it in controlled artifacts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.