Resume Risk Screen

Security checks across malware telemetry and agentic risk

Overview

The supplied evidence describes a Chinese-language workflow skill with no corroborated unsafe access or execution behavior, though its fixed language behavior may limit usability.

Install this only if Chinese-language output fits your workflow. Check the skill text during installation for any instruction that tries to override your agent’s normal safety or language preferences; based on the supplied evidence, there is no confirmed sign of credential use, persistence, data exfiltration, or destructive behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 96% confidence
Finding: The skill is entirely written in Chinese and mandates Chinese-language output formatting without offering any user language choice or documenting a locale-specific business constraint. In a general-purpose agent environment, this can cause incorrect behavior, inaccessible outputs, and downstream integration errors when users or calling systems expect another language.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal