Bangai Recruit

Security checks across malware telemetry and agentic risk

Overview

This instruction-only recruiting helper is coherent, but it needs Review because it can access sensitive applicant data, approve or reject candidates, and create automated recruiting agents without clear confirmation or data-handling limits.

Install only if you are authorized to use Bang.AI for recruiting in the logged-in account. Require the agent to show relevant candidate context and ask for explicit confirmation before every approve/reject action or before creating a new recruiting Agent, and avoid retaining or sharing applicant data outside the recruiting need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill enables consequential employment decisions by exposing direct "通过/拒绝" actions without any warning, confirmation, or requirement for human review. In a hiring context, an agent could reject or advance candidates prematurely or based on incomplete context, creating legal, fairness, and operational risks for both candidates and the employer.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill handles sensitive candidate data including name, school, major, education, work history, age, and potentially gender and video resumes, but provides no privacy or data-handling warning. This increases the chance of over-collection, inappropriate exposure, or misuse of regulated personal data during hiring workflows.

VirusTotal

64/64 vendors flagged this skill as clean.
