Jd Description Writer

Security checks across malware telemetry and agentic risk

Overview

This is a simple job-description writing skill with no evidence of hidden access, persistence, commands, credential handling, or data exfiltration.

Installers should know this skill may activate for broad hiring terms such as “job description” or “position description.” It is appropriate for drafting JDs, but for adjacent tasks like interview planning, candidate evaluation, or legal hiring policy, users may need to choose a more specific skill or clarify the request.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill’s trigger phrases are broad and overlap with common recruiting-related requests such as 'job description' or 'position description' without clear boundaries on when the skill should or should not activate. This can cause unintended invocation in unrelated hiring workflows, leading the agent to apply rigid output constraints or JD-generation behavior in contexts where a different skill or safer handling would be more appropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal