Resume JD Match — JD定制简历

Security checks across malware telemetry and agentic risk

Overview

This is a coherent resume-tailoring skill that stores personal resume data locally, with no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable storing a local resume-profile.md containing personal resume information in the workspace. Prefer pasted job descriptions unless URL handling is clarified, and treat PDF export as unavailable or review the referenced script separately if it is later added.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill advertises invocation phrases such as "make me a resume" and similar broad natural-language requests that are common in everyday assistant interactions. This can cause the platform to activate the skill unintentionally in contexts where the user did not explicitly ask to run a resume-generation workflow, increasing the chance of unnecessary file creation, profile collection, or processing of pasted job descriptions and personal data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal