---

Security checks across malware telemetry and agentic risk

Overview

This is a text-only career coaching skill with disclosed use of career and compensation context and no evidence of hidden execution or data exfiltration.

Reasonable to install for career coaching. Before using it, keep USER.md limited to career information you are comfortable sharing with your agent, and avoid passwords, tokens, private employer records, or unrelated personal documents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The quick-start phrases are generic natural-language commands such as "Audit my career" and "Research [Company]," which are plausible user utterances outside a deliberate skill-invocation context. If the platform routes skills based on broad trigger matching, these phrases could cause unintended invocation of this skill and expose user inputs or steer conversations into job-search workflows unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal