format-resume

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute a local Python script (format_cv.py) located in a specific project directory (~/PycharmProjects/career-lexicon-builder). The script performs the core document formatting and PDF preview generation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted resume content from the user and processes it through an LLM to generate structured JSON.
      • Ingestion points: Raw CV/resume text provided by the user in Step 1 of the workflow.
      • Boundary markers: None identified; there are no explicit delimiters or instructions for the agent to ignore instructions embedded within the user's resume content.
      • Capability inventory: The skill has the ability to execute shell commands via subprocess.run and write files to the local file system (e.g., /tmp/cv_mapping.json and output .docx files).
      • Sanitization: No explicit sanitization or validation of the input text is performed before it is analyzed by the LLM or passed to the generation script.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 01:07 AM