Back to skill

Security audit

gety-local-search

Security checks across malware telemetry and agentic risk

Overview

This is a transparent local Gety search helper, but users should keep searches and document retrievals intentional because it can reveal indexed local file contents.

Install this only if you want the agent to search files already indexed by Gety. Review which folders Gety indexes, use specific local-file requests, and require confirmation before fetching full document text or adding/removing indexed folders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill’s stated purpose is local file/document search, but it also documents `gety connector add` and `gety connector remove`, which can change what directories are indexed. That expands the skill from read/search into configuration-changing behavior over local data sources, creating an unnecessary capability that could be abused to index sensitive folders or disrupt existing indexing scope.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Connector administration is not justified by the declared search-only purpose of the skill and violates least privilege. In practice, exposing add/remove management commands gives the agent authority to alter what local content is discoverable or to remove access to expected sources, which can lead to privacy exposure or availability issues.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger description is broad enough to match generic requests like '帮我搜索' or '帮我搜索'/'search' style phrases that may not clearly mean local-file search. Overbroad routing increases the chance this skill is invoked in the wrong context, causing unintended searches of local indexed content or unnecessary exposure of local file metadata.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs the agent to fetch full document content with `gety doc` but provides no warning, consent step, or data-minimization guidance before exposing potentially sensitive local file contents. Because local documents often contain personal, financial, or proprietary information, automatic retrieval raises confidentiality risk beyond simple search-result display.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.