Back to skill

Security audit

Compensation Repo

Security checks across malware telemetry and agentic risk

Overview

This is a coherent HR/payroll assistant, but it can create persistent plaintext files containing sensitive employee and compensation data without clear masking, retention, or access-control guidance.

Install only if you are authorized to process HR/payroll data. Prefer masked identifiers and status-only fields, avoid full bank or identity numbers unless your organization has approved that workflow, and store generated DOCX/CSV/JSON outputs in a protected location with a clear deletion or retention policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The default prompt is broadly phrased to handle 'compensation judgment or pre-filing checks' without clear scope boundaries, exclusions, or trigger constraints. In an HR/payroll context, that can cause the agent to be invoked for regulated tax, social insurance, and housing fund filing decisions beyond its validated coverage, increasing the risk of incorrect or overconfident guidance on sensitive employment and compliance matters.

Natural-Language Policy Violations

Medium
Confidence
71% confidence
Finding
The manifest text is primarily in Chinese and implicitly steers the interaction into Chinese without clearly offering a language choice. While not typically a direct security flaw, this can create misunderstanding for users expecting another language, which is more consequential here because the skill gives payroll and filing-related guidance where nuance and precision matter.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script writes sensitive HR data including candidate name, current salary, expected salary, job title, and compensation recommendations into multiple files (DOCX, CSV, JSON) without any minimization, masking, access control, or retention warning. In an HR compensation workflow, this materially increases the chance of unauthorized disclosure through shared folders, email forwarding, endpoint compromise, or accidental reuse of generated artifacts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script persists highly sensitive payroll and HR data to multiple files, including DOCX, CSV, and JSON outputs containing employee names, IDs, bank/tax-related risk indicators, and compliance status, but provides no consent prompt, data-minimization control, retention guidance, or output protection. In an HR/payroll context this increases the chance of unauthorized disclosure through misdirected storage, broad filesystem access, backups, or accidental sharing, making the issue materially more dangerous than in a non-sensitive reporting tool.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.