Security audit

Markdown Resume Builder / Resume Generation

Security checks across malware telemetry and agentic risk

Overview

The resume-building instructions are mostly simple and non-executable, but the skill includes unrelated promotional and affiliate links, including a stock/crypto trading offer, that do not fit its stated purpose.

Review this skill carefully before installing. Its resume-generation content is low risk, and VirusTotal/static scans are clean, but the unrelated affiliate-style promotions are outside the stated purpose and may indicate the publisher is using the skill for advertising rather than only tool guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 98%

Finding: The skill documentation includes unrelated commercial promotions and affiliate links that have no functional connection to Markdown resume generation. Embedding monetized external links inside a developer tool creates a trust-boundary violation and can be used to steer users toward third-party services for financial gain, which is especially suspicious in a skill expected to provide only resume-building guidance.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%

Finding: Promoting stock/crypto trading and VPS hosting services inside a resume builder skill is unjustified by the skill's purpose and indicates possible abuse of the distribution channel for advertising or referral harvesting. The financial trading promotion is particularly concerning because it could influence users toward risky off-platform actions unrelated to the tool's advertised capability.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.