Test Engineer

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward career-roadmap API skill, with the main caution that it sends assessment/profile details to an external service.

Before using this with real candidates or employees, avoid sending names or unnecessary identifiers, use pseudonymous session IDs where possible, and check the provider's privacy and retention terms for sensitive or regulated assessment data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly describes collecting and transmitting assessment data along with user identifiers and session metadata, but provides no privacy notice, retention policy, consent guidance, or warning about sending potentially sensitive career/profile information to a third-party service. In an agent setting, this can lead to unreviewed disclosure of personal and profiling data to an external API, creating privacy, compliance, and trust risks even if the service is otherwise legitimate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal