Resume Tailor — JD-Matched Resume & Cover Letter

Security checks across malware telemetry and agentic risk

Overview

This is a resume and cover-letter helper that uses user-provided job materials and contains no executable code or hidden data-sharing behavior.

Safe to install for resume tailoring. Share only resume, contact, and job information you are comfortable giving to the agent, verify that generated claims are accurate, and double-check regional advice before adding sensitive personal details such as photos, birth date, nationality, marital status, or emergency contacts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill advertises very broad triggers such as 'apply for job' and 'job application materials', which are common phrases that can appear in many unrelated conversations. This can cause unintended activation, pulling the agent into resume-tailoring behavior when the user did not explicitly ask for it, increasing the chance of inappropriate file handling or irrelevant processing of sensitive personal data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal