Resume Builder

Security checks across malware telemetry and agentic risk

Overview

This instruction-only resume skill is focused on helping users create Reactive Resume JSON and does not show hidden execution, data exfiltration, persistence, or credential access.

Only provide contact details, references, and career history that you actually want included in the generated resume JSON. Consider omitting or redacting sensitive details such as phone number, exact address, reference contact information, or private links unless needed for the resume.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly prompts for sensitive personal data such as full name, email, phone number, and location, but provides no privacy notice, minimization guidance, or handling constraints. In conversational systems, this increases the risk of unnecessary collection, retention, or downstream exposure of PII, especially if users are not warned that these fields are optional or sensitive.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal