Interview Architect

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only hiring interview framework, with privacy cautions needed for candidate data but no hidden execution or unsafe system behavior found.

Safe to install from the reviewed artifacts. Use it as a hiring-process aid, not as an automated decision-maker; avoid entering unnecessary candidate personal data, do not record interviews unless consent and policy requirements are satisfied, and follow applicable employment and privacy laws.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly recommends recording remote interviews 'with consent' but provides no concrete privacy guidance on notice, lawful basis, storage, access controls, retention, or deletion. In a hiring context, interview recordings contain sensitive personal data, so incomplete guidance can lead users to collect and retain audio/video in ways that violate privacy laws or internal policy.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The rejection template says the organization will keep candidate information on file, but the skill gives no limits or safeguards for retention, reuse, consent, or handling of applicant data. Because recruiting data often includes resumes, interview notes, and sensitive personal information, this omission can encourage indefinite retention or secondary use without proper disclosure.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal