Classify Rep Profile

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed sales self-assessment skill that writes a local assessment file, with privacy considerations but no evidence of hidden or malicious behavior.

Use this with non-sensitive inputs where possible. If assessing someone else, get appropriate consent and avoid using the output for hiring or formal performance decisions unless your organization has approved that process. Confirm where rep-profile-assessment.md will be written, who can access it, and delete or restrict it when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to write a persistent `rep-profile-assessment.md` file containing potentially sensitive employee evaluation data, behavioral scores, and coaching conclusions, but it provides no privacy notice, consent checkpoint, retention guidance, or access-control expectations. In self-assessment this is a moderate privacy issue, and in manager/enablement contexts it can become workplace-surveillance or HR data handling without clear safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal