AI Resume Screener

Security checks across malware telemetry and agentic risk

Overview

This resume-screening skill is not malicious, but it asks users to bulk process sensitive candidate data and create hiring rankings without clear privacy, retention, or fairness safeguards.

Review before installing or using on real resumes. Only use it with authorized candidate data, define where parsed data and rankings are stored, set retention and deletion rules, restrict access, and require human review and legal/compliance checks before using scores in hiring decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly promotes bulk resume screening and resume parsing, which inherently involves handling large volumes of personally identifiable and potentially sensitive employment data. Omitting any warning or guidance about privacy, consent, retention, access control, and regulatory obligations can lead users to process candidate data insecurely or unlawfully, increasing the risk of privacy breaches and compliance violations.

VirusTotal

63/63 vendors flagged this skill as clean.
