Security audit

Recruiting

Security checks across malware telemetry and agentic risk

Overview

This recruiting skill appears useful for hiring workflows, but it includes candidate outcome labels and persisted ratings that may steer hiring decisions despite claiming not to make them.

Review carefully before installing. Use it only as an organizer for human-led recruiting work, not as an automated screening or rejection tool. Avoid storing protected characteristics or unnecessary personal data, define retention/deletion practices, and require a human reviewer to make and record all hiring decisions outside the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Severity: Medium. Confidence: 93%.
The referenced section goes beyond neutral pipeline tracking by surfacing candidate strength labels, "strong hire" style judgments, and action recommendations such as moving a candidate to decision or rejecting them. In a hiring skill whose metadata explicitly says it should never make hiring decisions or replace human judgment, these outputs can improperly steer employment decisions and create compliance, fairness, and policy risk.

Description-Behavior Mismatch

Severity: High. Confidence: 98%.
The skill operationalizes explicit hiring outcomes such as "reject" and provides commands to update a screening recommendation to rejection, which conflicts with the metadata promise that it must never make hiring decisions. In a hiring context, this creates a real risk that users defer to the tool's recommendation as an employment decision, increasing legal, fairness, and policy exposure.

Intent-Code Divergence

Severity: Medium. Confidence: 93%.
The document says the purpose is to identify who is worth interviewing, and elsewhere defines categories including explicit rejection decisions, creating a decision-support workflow that effectively crosses into hiring adjudication. Because resume screening is a high-stakes employment use case, even phrasing that narrows people into interview vs. reject buckets can encourage prohibited automated decision-making.

Description-Behavior Mismatch

Severity: Medium. Confidence: 87%.
The script explicitly stores interviewer-style candidate ratings, including a rejection-oriented value ('no_hire'), which conflicts with the skill's stated guarantee that it never makes hiring decisions or replaces human judgment. In a recruiting context, persisting these structured evaluations can directly influence downstream decisions, create bias/amplification risk, and expose the system to policy or compliance violations if users rely on the recorded rating as decision support.

Intent-Code Divergence

Severity: Low. Confidence: 78%.
The module docstring says the script only updates candidate stage, but the implementation also writes evaluative hiring ratings. This mismatch is security-relevant because understated behavior reduces operator awareness, weakens reviewability, and can hide sensitive decision-support functionality inside what appears to be harmless pipeline maintenance.

Vague Triggers

Severity: Medium. Confidence: 81%.
The trigger description is broad enough to activate on ordinary recruiting or HR-related conversation, which can cause the skill to engage when the user did not intend structured candidate-data processing. Because this skill manages hiring workflows and candidate records, accidental activation could lead to unnecessary collection, storage, or manipulation of sensitive employment-related data.

Vague Triggers

Severity: Medium. Confidence: 92%.
The trigger examples are broad and conversational, such as 'Help me describe this position,' which can overlap with ordinary requests outside a clearly bounded hiring workflow. In an agent setting, vague activation phrasing can cause the skill to engage unexpectedly on general writing or description tasks, increasing the chance of unintended access to recruiting workflows or candidate-related context.

Vague Triggers

Severity: Medium. Confidence: 80%.
The trigger phrase "Evaluate this candidate" is broad and can cause the skill to activate in loosely related conversations, potentially processing candidate information when the user did not intend a structured screening workflow. In a recruiting context, overbroad activation increases the chance of unnecessary handling of sensitive personal data and unintended generation of hiring recommendations.

Missing User Warnings

Severity: Medium. Confidence: 95%.
The file instructs users to process resumes, candidate IDs, and screening records but provides no privacy, consent, retention, or sensitive-data handling guidance. Resumes commonly contain personal and sometimes protected information, so omitting safeguards raises material privacy, compliance, and misuse risk in an employment setting.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.