Index Now

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only skill for submitting URLs to search indexing services, with no hidden code or automatic behavior found.

Before using this skill, confirm that every URL or sitemap entry is intended to be public and belongs to the target domain. For Google, use a dedicated service account limited to the relevant Search Console property, keep access tokens private, and revoke access when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill instructs users to submit URLs, entire sitemaps, and indexing requests to third-party services without any visible warning that site structure and URL data will be transmitted externally. In practice, this can lead to inadvertent disclosure of unpublished, sensitive, staging, or internal-looking URLs if a user provides the wrong sitemap or target set.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal