Resume Editor

Security checks across malware telemetry and agentic risk

Overview

This resume-building skill is coherent and purpose-aligned, with ordinary document-processing risks around sensitive resume data, overwrites, and dependency hygiene.

Before installing, be comfortable letting the agent read and write resume files in your working directory. Use explicit output filenames, check before overwriting resume.json, avoid converting untrusted HTML to PDF, and install pinned/current patched versions of PyMuPDF and pdfkit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill instructs the agent to read user-provided PDFs, save extracted JSON, and write HTML/PDF outputs, but no explicit permissions are declared. That mismatch can cause the platform or reviewers to underestimate the skill's filesystem access, increasing the risk of unintended reads or writes in the working directory or alongside user-specified paths.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
This is a real issue: the Playwright path loads a local HTML file with `page.goto(..., wait_until="networkidle")` in a full browser context, which allows the rendered HTML to initiate outbound network requests for remote resources such as images, fonts, scripts, or tracking URLs. If resume HTML is user-controlled or imported from untrusted sources, rendering can leak sensitive resume contents or environment metadata to external hosts, and the resume-builder context makes this more dangerous because handling imported resumes is a core feature.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding:
The activation text is very broad and triggers on common resume/CV phrasing, which can cause the skill to activate in conversations that only tangentially mention resumes. Over-triggering can unnecessarily expose file-handling and document-processing capabilities in contexts where they are not needed, increasing the chance of accidental data access or unintended side effects.

Missing User Warnings

Severity: Low
Confidence: 92%
Finding:
The document instructs the skill to write extracted resume data to `resume.json` in the current working directory by default, and to derive a `.json` path from imported PDFs, without mentioning overwrite checks, confirmation prompts, or safe file-placement constraints. In an agent context, this can lead to unintended file creation or overwriting of existing data, especially if the working directory is sensitive or shared.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
# PDF import (required for scripts/extract_from_pdf.py)
pymupdf

# PDF export — install at least one of the following:
# Option 1: pdfkit (requires wkhtmltopdf system package)
Confidence: 94%
Finding: pymupdf

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
# PDF export — install at least one of the following:
# Option 1: pdfkit (requires wkhtmltopdf system package)
pdfkit
# Option 2: playwright (requires chromium browser)
# playwright
Confidence: 91%
Finding: pdfkit

Known Vulnerable Dependency: pymupdf — 1 advisory(ies): CVE-2026-3029 (PyMuPDF has a path traversal in _main_.py)

Severity: Low
Category: Supply Chain
Confidence: 97%
Finding: pymupdf

VirusTotal

65/65 vendors flagged this skill as clean.
