Resume Optimizer

Security checks across malware telemetry and agentic risk

Overview

This resume-optimization skill is instruction-only and uses uploaded resume content for its stated purpose without hidden code, persistence, or unrelated access.

Before installing, remember that resumes often contain personal contact and employment details. Use only with resumes you are comfortable providing to your agent/runtime, and review the final output for factual accuracy because the skill encourages stronger wording while also telling the agent not to fabricate details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README instructs users to upload and parse a PDF resume, which commonly contains highly sensitive personal data such as full name, phone number, email, employment history, education, and sometimes address or government identifiers. Omitting any privacy, retention, redaction, or consent guidance increases the risk of mishandling personal data and unsafe user expectations, especially because the skill is explicitly designed to ingest resumes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal