Geocodio

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Geocodio connector skill that runs documented read/search geocoding actions through the OOMOL CLI, with no evidence of hidden or destructive behavior.

Install if you are comfortable using OOMOL's oo CLI with a connected Geocodio API key. Treat addresses and coordinates as potentially sensitive location data, and ask the agent to confirm intent before batch requests or when you only want general discussion about Geocodio rather than live lookup.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger text is overly broad: "Use this skill for ANY Geocodio request" and "Whenever a task involves Geocodio, use this skill instead of calling the API directly." That can cause the agent to invoke this skill for any mention of Geocodio, even when the user only wants discussion, comparison, or unrelated context, increasing the chance of unintended command execution or unnecessary exposure to external tooling.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal