Back to skill

Security audit

Greenhouse Apply

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only helper for submitting Greenhouse job applications, with sensitive but disclosed handling of resumes, contact details, and email verification codes.

Use this only for a Greenhouse job you intentionally want to apply to. Review every field before submission, provide a specific resume path, and prefer manually supplying the one-time email code or limiting email access to the relevant message for the current application.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly handles highly sensitive personal data including resume contents, phone number, email address, and email verification codes, but provides no explicit privacy notice, consent boundary, or data-handling constraints. In an automation context, access to email verification codes materially increases account or workflow control, so the absence of safeguards raises the risk of over-collection, misuse, or unintended disclosure of applicant data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.