Back to skill

Security audit

Recruiting Skillset

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only recruiting workflow skill whose file-update guidance is disclosed and tied to improving hiring standards.

Install if you want a Chinese-oriented recruiting workflow coordinator. Before accepting any suggested patches to related recruiting skills or EVOLUTION.md files, review the edits because they may change how future hiring materials are evaluated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The manifest describes this skill as being used for end-to-end hiring tasks such as defining roles, screening resumes, preparing interviews, and calibrating standards. At L130, the documentation tells the agent to immediately patch another skill and record the change in that skill's EVOLUTION.md, which is a repository-maintenance capability rather than a direct hiring-analysis function.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The stated purpose is an end-to-end recruiting control skill for JD creation, resume screening, interview preparation, evaluation, and standards calibration. Requiring that user feedback be written into EVOLUTION.md turns the skill into a persistent documentation updater, which is not an obvious or necessary part of performing recruiting tasks for a user.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The manifest description and visible skill title are entirely in Chinese and the listed trigger phrases are Chinese-specific, which effectively constrains activation and use to a specific language/locale. The file does not offer any user choice, alternate language handling, or explicit justification for this locale restriction.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.