Pilot Recruitment Pipeline Setup

Security checks across malware telemetry and agentic risk

Overview

This recruitment skill appears legitimate, but it should be reviewed because candidate information may be shared with agents and external calendar services without clear privacy controls.

Review this skill before installing in a hiring workflow. Use it only with approved calendar endpoints and confirm what candidate fields it sends; avoid unnecessary PII, obtain required consent, and add local policy guidance for retention and access control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The README explicitly routes interview invites through an external calendar API, which implies candidate-identifying information may leave the internal agent network, yet it provides no warning, consent guidance, or data-minimization instructions. In a recruitment pipeline, this is sensitive HR data, so undocumented external transmission increases privacy, compliance, and misconfiguration risk.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly routes candidate profiles between agents and sends interview invites to external services, but it provides no privacy, consent, minimization, or retention guidance for personally identifiable candidate data. In a recruitment context, this can expose sensitive personal information to unnecessary internal agents or third-party webhook endpoints, increasing compliance and confidentiality risk.

VirusTotal

64/64 vendors flagged this skill as clean.
