HR

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only HR guidance skill with broad activation language but no code, hidden access, persistence, or data-moving behavior.

Use this as general HR drafting and checklist support, not as legal advice. For termination, discrimination, wage-and-hour, compensation, or jurisdiction-specific employment-law matters, get qualified HR or employment counsel review before acting. Consider narrowing or disabling the trigger if you do not want broad workplace questions routed into this skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger description is very broad and likely to activate on a wide range of common workplace or management conversations, causing the HR skill to be invoked outside narrowly intended contexts. Over-broad activation can route users into specialized guidance they did not request, increasing the chance of irrelevant or legally sensitive HR advice being surfaced inappropriately.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal