Missing User Warnings
Medium
- Confidence
- 94% confidence
- Finding
- 该技能明确鼓励用户提交“个人简历”,而简历通常包含电话、邮箱、教育经历、工作履历等敏感个人信息,但文档未提醒用户最小化披露、打码或删除不必要的身份信息。这会增加用户过度分享个人数据的风险,尤其在后续可能结合联网检索或外部处理能力时,隐私暴露面进一步扩大。
Security audit
产品经理求职助手
Security checks across malware telemetry and agentic risk
Overview
This is an instruction-only PM interview coaching skill whose resume/JD handling and web research are aligned with its stated purpose.
Before using it, provide only the minimum resume and JD details needed for coaching. Redact contact information, addresses, IDs, and confidential company/project details, and avoid submitting private internal job descriptions if you do not want them used alongside web research.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)
Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- 技能声明会基于用户提供的公司名称和岗位JD进行“联网搜索”,但没有告知用户其输入内容可能被发送到外部搜索或第三方服务。若JD或上下文中包含未公开招聘信息、候选人背景线索或内部项目描述,可能导致用户在不知情情况下向外部系统泄露信息。
VirusTotal
58/58 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.