Anubis Pro

Security checks across malware telemetry and agentic risk

Overview

This career-document skill does what it claims, but it unnecessarily prints the user's full resume and job description to the console, which can expose sensitive application data in logs or shared sessions.

Install only if you are comfortable with your full resume and job description being shown in the agent's console/log output. Use a dedicated output directory, avoid running it in shared terminals or recorded sessions, and prefer a virtual environment for the Python dependency.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The skill prints the full resume and full job description to stdout, which can expose sensitive personal, employment, and application data to logs, calling frameworks, terminal history, or other observers. This disclosure is broader than necessary for generating the requested documents and creates avoidable data leakage risk.

Missing User Warnings

High
Confidence: 91%
Finding
The skill handles sensitive resume and job-description content and then prints that content to the console, yet the markdown provides no warning about this behavior. In context, the missing disclosure materially increases the chance users will expose private data unintentionally through logs or shared terminals.

VirusTotal

65/65 vendors flagged this skill as clean.
