Workforce Planning Framework

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only workforce planning guide that may involve sensitive employee data, but it does not contain code, hidden access, persistence, or exfiltration behavior.

Use this skill only with HR data your organization permits in agent chats. Prefer aggregate or anonymized inputs, avoid unnecessary employee identifiers, and keep generated plans in approved HR or business systems with appropriate access controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly instructs collection of employee-level skills ratings, flight-risk indicators, tenure data, and fully loaded compensation information, which are sensitive HR/personnel data elements. Presenting this workflow without privacy, access control, minimization, consent, retention, or legal-compliance guidance could lead users to centralize highly sensitive employee data in unsafe tools or process it in ways that violate confidentiality expectations or employment/privacy requirements.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal