Employee Retention & Turnover Risk Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable HR analysis skill that fits its stated purpose, though users should avoid sharing identifiable or confidential employee data unless authorized.

Install is reasonable for HR analytics use, but only provide workforce data you are authorized to share. Prefer aggregated or anonymized inputs, avoid named employee compensation, DEI, health, or disciplinary details unless your environment is approved for that data, and treat the output as decision support rather than the sole basis for employment decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs users to provide team data including headcount, tenure distribution, recent departures, eNPS scores, and compensation bands, which can include sensitive HR and compensation information. Because it gives no minimization, anonymization, consent, retention, or secure-handling guidance, users may submit personal or confidential workforce data into an agent workflow inappropriately, creating privacy, confidentiality, and compliance risk.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal