AEO Analytics Free

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill does what it says: it checks brand visibility with Gemini or web search and stores scan history locally.

Install only if you are comfortable sending the chosen prompts and brand/domain information to Gemini or search providers. Store the Gemini API key in an environment variable or keychain, avoid confidential prompts unless local retention is acceptable, and periodically review or delete the aeo-analytics history file when it is no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The skill explicitly persists scan history to a local JSON file, but the description does not prominently warn users that prompts, brand targets, scan results, citations, and trend history will be stored on disk. This is a real but low-severity transparency/privacy issue because users may provide sensitive business monitoring data without realizing it will be retained locally over time.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal