upwork-apply
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from Upwork job listings.
- Ingestion points:
scripts/upwork_proposal_generator.pyprocesses job titles, descriptions, and skills scraped from the web. - Boundary markers: No delimiters or isolation instructions are used when interpolating job data into the LLM prompts.
- Capability inventory: The skill can write to the local filesystem, perform network requests to external APIs, and create/modify Google Documents and Sheets.
- Sanitization: There is no evidence of sanitization or filtering of the job content before it is sent to the LLM.
- [DATA_EXFILTRATION]: In
scripts/upwork_proposal_generator.py, thecreate_formatted_google_docfunction programmatically sets the permissions of generated proposal documents to be publicly accessible by anyone with the link. This behavior is intended for sharing proposals with clients but results in the public exposure of generated data. - [EXTERNAL_DOWNLOADS]: The skill communicates with well-known external services to fulfill its primary purpose:
- It fetches job data from the Apify API.
- It sends content to the Anthropic API for text generation.
- It interacts with Google APIs (Sheets, Docs, Drive) to manage application data.
Audit Metadata