Wet Lab Career

Security checks across malware telemetry and agentic risk

Overview

This is a coherent career-roadmap API skill, with the main caveat that career profile data is sent to an external service.

Use this only if you are comfortable sending career history, skills, goals, and identifiers to the provider’s API. Avoid entering employer-confidential lab details, proprietary protocols, patient data, or unnecessary personal identifiers, and check the provider’s privacy and retention terms before using real profiles.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill documentation explicitly includes personal and quasi-identifying fields such as education, work experience, career goals, sessionId, userId, and timestamps, and even states that userId is used for analytics and persistence, but it provides no privacy notice, data handling disclosure, retention policy, or warning that this information may be transmitted to an external service. That creates a real privacy and compliance risk because users may disclose sensitive professional profile data without informed consent or awareness of downstream storage and processing.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal