Back to skill

Security audit

Jobautopilot Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed job-search assistant that reads a user-selected resume folder, searches job sites, and writes local tracker notes.

Before installing, point RESUME_DIR only at resumes or job-search documents you intend the agent to read, and choose tracker and handoff file locations where you are comfortable retaining search history, job URLs, notes, and rejected roles.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs the agent to scan all files in the resume directory, including PDFs and DOCX files, and to persist derived information plus search history into tracker and handoff files without any user-facing consent, minimization, or privacy warning. Resumes commonly contain sensitive personal data such as full name, contact details, employment history, and education; broad ingestion and persistent recording increases the chance of unnecessary exposure or retention of sensitive data.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.