Harvard Style CV Creator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent resume and cover-letter generator that writes local .docx files, with privacy and package-install cautions.

Install this if you want an agent to create resume or cover-letter .docx files. Prefer a trusted or preinstalled docx dependency over a global npm install, and review or delete generated files when done because they may contain personal contact, education, and employment details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger conditions are very broad and can activate on ordinary requests about resumes or job applications, causing the skill to take over interactions more often than intended. In an agent system, over-broad routing can lead to unnecessary file generation, collection of sensitive personal data, and unexpected execution of local commands or output-writing behavior for benign queries that did not require this skill.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill writes generated documents to local and output directories, but the description does not clearly disclose that filesystem side effect. Hidden write behavior is risky because users or orchestrators may treat the skill as a pure text-generation helper, while it actually persists sensitive resume and contact information to disk, increasing privacy and data-handling exposure.

VirusTotal

65/65 vendors flagged this skill as clean.
