粘贴简历，一键优化成HR想看的版本

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only resume editing skill with no code execution, network access, credential use, or persistence.

Safe to install for resume editing. Before pasting a resume, remove highly sensitive details such as government ID numbers, passport data, bank information, exact home address, and private references, and verify that any generated metrics or achievements are accurate before using them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list includes broad everyday phrases such as “帮我看看简历”, which can plausibly appear in normal conversation and cause the skill to activate when the user did not explicitly request this specialized workflow. Unintended activation can override the assistant’s default behavior, force a rigid output template, and route unrelated user content into resume-processing instructions, creating prompt-routing and privacy risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal