Engineering Manager OS

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only engineering management playbook, with the main caution being careful handling of employee-related notes and decisions.

Safe to install as a markdown-only management framework. Do not paste regulated or unnecessarily personal employee data into unmanaged tools, keep 1:1 notes and performance materials in approved company systems, and involve HR/legal or qualified leadership review before acting on hiring, PIP, promotion, termination, or layoff outputs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: This section explicitly encourages recording sensitive employee data such as flight risk, performance trajectory, feedback, and private notes, but provides no guidance on consent, retention, access controls, minimization, or legal/privacy handling. In a real workplace deployment, this can lead to improper collection or exposure of HR-sensitive information and create compliance, employee trust, and insider-risk issues.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal