Back to skill

Security audit

Resume Html

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward resume generator that creates local HTML and PDF resume files without hidden or unrelated behavior.

Install this only if you want local resume generation. Treat generated HTML/PDF files as sensitive because they may contain contact details, work history, salary expectations, and photos; use a private workspace and delete drafts you no longer need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are generic enough that normal resume-related requests could invoke the skill unintentionally. Because this skill generates files and may process personal resume data and photos, accidental activation can cause unexpected handling of sensitive PII and unintended file creation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes generating HTML/PDF resumes but does not warn users that it writes resume.html and resume.pdf to disk and may embed highly sensitive personal data, including photos, into those files. This creates a privacy and data-handling risk because users may unknowingly persist PII locally or in shared workspaces where it can be exposed or retained longer than intended.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.