geo-optimize

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese-language GEO and article-writing guide skill with no executable code, hidden network behavior, credentials access, or privileged persistence.

Install this if you want a GEO-style Chinese article-writing workflow. Be aware it may activate for broad writing prompts and may create drafts in geo-output/articles/, so specify inline-only output or a different path when needed and review generated content before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger phrases are broad enough to match many ordinary writing requests, which can cause this skill to activate in situations beyond GEO-specific tasks. Over-broad activation increases the chance that users are funneled into opinionated workflow rules and file-writing behavior they did not explicitly request, creating scope creep and unsafe autonomy.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill instructs the agent to write output into the workspace and create directories if missing, but does not require explicit user consent or even notice before modifying local files. This can lead to unexpected filesystem changes, clutter, accidental overwrites, or persistence of sensitive/generated content in environments where users only expected an in-chat response.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal