Resume Match

Security checks across malware telemetry and agentic risk

Overview

This resume/job-search skill handles sensitive career data as part of its stated purpose, and the reviewed evidence does not show hidden or malicious behavior.

Install only if you are comfortable letting the skill process resume and job-search details. Avoid sharing optional sensitive fields unless needed, and confirm any resume updates, exports, deletes, or application-tracker changes before allowing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This skill is explicitly designed to ingest resumes and job descriptions, which commonly contain sensitive personal data such as names, contact details, employment history, education, and sometimes demographic or location information. The absence of any privacy notice, minimization guidance, or handling constraints increases the risk that users will submit sensitive data without understanding retention, exposure, or sharing implications.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal