51mee Resume Parse

Security checks across malware telemetry and agentic risk

Overview

This resume-parsing skill handles sensitive resume details, but its behavior is disclosed, user-initiated, and limited to extracting structured information from uploaded resumes.

Install only if you are comfortable processing resumes through the agent and LLM workflow. Use it with resumes you have permission to process, and avoid unnecessary storage or sharing of parsed outputs because they may include phone numbers, email addresses, birthdays, salary expectations, and work history.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: This skill is explicitly designed to ingest and extract highly sensitive resume data, including phone numbers, email addresses, work history, education, and other personal identifiers, but it provides no privacy notice, minimization guidance, retention policy, or handling constraints. In a real deployment, that increases the risk of unnecessary collection, overexposure, and downstream misuse of personal data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal