Security audit

Interview Review

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Chinese interview-review coach that only analyzes interview text the user provides.

Install this if you want Chinese-language help reviewing an interview transcript or written Q&A. Interview notes can include sensitive career, employer, compensation, or personal information, so share only details you are comfortable giving to the agent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill is configured to trigger not only on explicit requests for interview review, but also whenever the model infers a general intent to analyze a past interview. That broad routing can cause unintended activation, override a more suitable skill or the base assistant behavior, and increase the chance of context misclassification or prompt hijacking through ambiguous user input.

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The skill content is written to operate in Chinese and does not provide a language-selection mechanism or document that it is intentionally restricted to Chinese-speaking users. This can lead to unsafe or degraded behavior for users interacting in other languages, including misunderstanding user-provided interview material, producing inaccessible output, or mishandling multilingual context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.