Chro Advisor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent HR advisory skill with local calculators; the main risk is handling sensitive employee and compensation data.

Reasonable to install for HR planning. Use anonymized or minimal employee data where possible, keep roster/config files and generated reports private, and be aware the skill may consult company-context.md when present.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 92%
Finding
The manifest description includes very broad triggers such as HR, talent, headcount, compensation, retention, and performance management, which overlap with common business conversations. This can cause the skill to activate outside narrowly intended CHRO contexts, leading to unnecessary access to company context or undue influence over responses in unrelated workflows.

VirusTotal

64/64 vendors flagged this skill as clean.
