Back to skill

Security audit

Job Application Manager

Security checks across malware telemetry and agentic risk

Overview

This skill handles sensitive Gmail and tracker data, but the behavior is disclosed and aligned with managing job applications.

Install only if you are comfortable granting Gmail read access and allowing updates to a Notion or SQLite job tracker. Use narrow Gmail labels where possible, review profile.md and the SQLite database path before running, and confirm before bulk re-enrichment or Calendar event creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The skill requires persistent reads/writes to a local profile.md file that is outside the core Gmail→tracker sync action and can store sensitive configuration such as career email, label mappings, and database paths. This creates unnecessary local data persistence and expands the skill's authority, especially because it instructs the agent to modify that file across runs.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The SQLite setup/migration flow instructs execution of shell commands and direct sqlite3 invocations even though the manifest does not declare local command execution as an integration. This introduces command-execution and local file modification capability that can affect arbitrary paths if DB_PATH is manipulated, making the skill materially more dangerous than its declared permissions suggest.

Context-Inappropriate Capability

Medium
Confidence
78% confidence
Finding
The enrichment step fetches full email threads, extracts contacts and conversation notes, and writes generated prep content into Notion, which goes beyond simple status syncing. This broadens collection, processing, and external transmission of potentially sensitive email content, increasing privacy and data-minimization risk.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill description does not clearly disclose that it reads email bodies and may copy extracted content, contacts, dates, links, and notes into Notion, SQLite, and optionally Google Calendar. Missing a privacy notice undermines informed consent for sensitive mailbox processing and external data transfer, which is especially risky in a career-email context.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.