Career

Security checks across malware telemetry and agentic risk

Overview

This career-advice skill is coherent and instruction-only, but users should know it can save approved career details in a local profile file.

Install only if you are comfortable with the agent maintaining a local career profile. Approve only details you want retained, especially compensation, constraints, goals, and employment context, and review or delete ~/career/memory.md when it is outdated or too sensitive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The instruction to extract career context from any question creates an over-broad collection scope that can cause the skill to infer and process sensitive personal or employment data even when the user's request is unrelated. In combination with the persistent profile mechanism, this increases the chance of silent profiling, unnecessary retention, and use of personal context beyond the user's reasonable expectations.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill directs the agent to create and maintain a persistent user profile in ~/career/memory.md without an upfront warning, consent flow, retention policy, or access controls. Even though it says to store only after explicit yes, it still establishes background profiling categories and local persistence that may surprise users and expose sensitive career, compensation, constraint, or goal data if the file is later accessed by other tools or users.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal