Career Success Predictor 职业匹配评估

Security checks across malware telemetry and agentic risk

Overview

This appears to be a career-planning assessment skill with local report generation, and the main issue is broad activation rather than malicious behavior.

Install only if you want a structured career-planning workflow. Before using it, avoid sharing unnecessary personal identifiers, ask the agent to confirm before starting the assessment, and review any local report or conversation-log files it creates.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger instructions are broad enough to activate on many general career-doubt or career-advice queries, including multilingual phrases and vague expressions of uncertainty. This can cause unintended invocation, where the skill takes over conversations outside a clear user request for an assessment, leading to misleading pseudo-diagnostic output and reduced user agency in sensitive life-decision contexts.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger conditions are broad enough to activate on vague career uncertainty or general job-related discussion, not just explicit requests for this specific assessment. That can cause the agent to steer users into a quasi-diagnostic workflow and generate persuasive career-fit conclusions when the user may have wanted lighter guidance, increasing the risk of inappropriate automation and overreach in a sensitive life-decision context.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal