Back to skill

Security audit

Analyste Du Travail

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only workplace analysis skill; its main risk is handling employee and internal banking data carefully.

Install only for authorized workplace transformation work. Before using it, define who may participate, what data may be collected, where notes and reports will be stored, who can access them, and when they will be deleted. Avoid customer data and unnecessary personal details; anonymize employee quotes and aggregate workload or timing data wherever possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The template explicitly promises confidentiality and anonymization while prompting the interviewer to capture detailed notes, verbatims, weak signals, role history, and operational workarounds, but it does not instruct the user to minimize data collection, avoid unnecessary personal data, or handle sensitive statements securely. In a banking transformation context, these interviews can easily capture employee-sensitive, HR-relevant, or operationally sensitive information, creating privacy, compliance, and trust risks if users treat the template as sufficient guidance.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The template explicitly captures attributable quotes ("Qui" + verbatim + context) and detailed interaction data without any guidance on consent, minimization, anonymization, or lawful handling of personal data. In a workplace banking context, this can lead to unnecessary collection of employee-identifiable information, privacy violations, and misuse of sensitive observations in performance or conduct assessments.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The grids encourage granular time tracking of tasks, interruptions, urgency, and tool usage at the individual level, but provide no warning that such monitoring is sensitive and may require proportionality controls, transparency, and safeguards. In practice, this can enable invasive employee surveillance or repurposing of operational diagnostics into performance monitoring, especially in a regulated workplace environment.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.