Back to skill

Security audit

Interview Prep

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent interview-prep helper, but it will read job-related email/tracker data and may save interview access details into a local prep file.

Install only if you are comfortable letting the agent search recent interview-related email and tracker records for a named company. Review the generated markdown file before sharing it, and consider removing access codes, meeting links, recruiter emails, or other private details from the saved document.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill is designed to access Gmail, Notion, local profile data, and write files, but it does not require an explicit user-facing consent step or warn that personal communications, contacts, and local filesystem contents will be read and modified. That creates a privacy and data-handling risk because the agent may process sensitive personal or employer information and persist it into a new document without clear authorization boundaries.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This workflow explicitly instructs extraction of Gmail thread bodies, contact details, ATS links, and interview platform access codes, then merges that data into a local markdown file. Collecting and persisting sensitive communications and credentials-like tokens without explicit warning, consent, redaction, or scoping controls increases the chance of privacy leakage, credential exposure, and over-collection of unrelated personal data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.