简历优化技能

Security checks across malware telemetry and agentic risk

Overview

This skill provides resume optimization guidance and does not include code, installs, background behavior, or hidden data handling.

Install only if you want an agent to help analyze resume and job-description text. Before using it, remove unnecessary phone numbers, addresses, IDs, or private employer details, and verify that any suggested metrics, skills, or rewritten claims remain truthful.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger condition is very broad: phrases like '优化简历/修改简历/改进简历' can overlap with general writing-help requests and cause the skill to activate when the user did not actually intend JD-based resume optimization. Over-broad activation can route sensitive personal data into an unnecessary processing path and produce off-target guidance, increasing privacy and reliability risk.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The front-matter description is overly generic and lacks boundaries, which can cause the orchestrator to select this skill for loosely related prompts. In a system that auto-invokes skills, vague descriptions increase unintended activation and may expose resume or employment data to an unnecessary workflow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal