Security audit

generate-executive-recruiting-boutique-client-education-handout

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk content-generation skill for drafting executive recruiting client handouts, with no executable code or hidden access.

Use this as a drafting aid for client-facing recruiting education materials. Review outputs for accuracy, bias, and legal suitability, and do not use it to screen, rank, or make decisions about candidates.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill’s activation guidance is generic and can be invoked for broad 'client education work' without clear boundaries on inputs, outputs, or when human review is mandatory. In an HR/recruitment context, overly broad triggering increases the chance the skill is used for adjacent hiring or candidate-evaluation tasks, which can lead to biased, misleading, or compliance-sensitive employment content being generated without sufficient safeguards.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.