AEO Prompt Frequency Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it sends a user-provided prompt to Gemini several times to analyze generated search queries, with credential and network use disclosed.

Use a dedicated or restricted Gemini API key, verify that the Keychain item named nano-banana-pro is the intended Gemini key before using the example command, avoid prompts containing secrets or confidential data, and keep runs/concurrency modest to control quota and billing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill invokes a Python script that uses environment variables and makes networked API calls, but the skill metadata declares no permissions. This creates a transparency and policy gap: users may run the skill without realizing it can access credentials from the environment and send prompt contents to external services.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The script sends the full user-supplied prompt to the Gemini API with Google Search grounding, which discloses that content to an external service and may also trigger additional web searches. In this skill’s context, users may paste sensitive investigative prompts or proprietary text, so the lack of an explicit disclosure/consent step creates a real privacy and data-handling risk even though the behavior is core to the tool’s purpose.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal