resume-builder

Security checks across malware telemetry and agentic risk

Overview

This is a resume-building helper that asks for normal resume details and produces Reactive Resume JSON, with no executable code or hidden system access found.

Before installing, understand that this skill will prompt for resume-related personal information. Share only details you want included in the resume, consider omitting or redacting sensitive contact details during drafting, and review the generated JSON before importing it into Reactive Resume or uploading it elsewhere.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly prompts for sensitive personal data such as full name, email address, phone number, and location without any privacy warning, minimization guidance, or handling constraints. In an agent ecosystem, overly eager collection of PII can lead to unnecessary exposure, retention, or downstream leakage, especially if the skill is auto-invoked or logs conversational state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal