CyberSec Roadmap

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow career-roadmap API integration, with the main caution being that it sends professional profile details to an external service.

Use this skill only if you trust the API provider with the career details you submit. Avoid including confidential employer information, sensitive internal security architecture, project names, or unnecessary personal identifiers unless you understand the provider's data handling and retention practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill solicits detailed professional assessment data, including work history, current role, skills, certifications, goals, session identifiers, timestamps, and optional user identifiers, but provides no privacy notice, retention policy, consent language, or handling constraints. Because this data is transmitted to an external third-party API, users and agents are not informed about exposure, storage, or secondary use, creating a real privacy and compliance risk rather than a purely documentation issue.

VirusTotal

42/42 vendors flagged this skill as clean.

View on VirusTotal