resume-alignment

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No hardcoded credentials or sensitive data exposure (e.g., SSH keys) were detected.
  • [SAFE]: The skill does not perform any network operations or external downloads.
  • [COMMAND_EXECUTION]: The skill uses a shell command (ls | sort | head) to programmatically locate the user's most recent job analysis file. This is a legitimate functional use of local commands.
  • [PROMPT_INJECTION]: The skill processes external data (job analyses), which presents an indirect prompt injection surface. Evidence:
      1. Ingestion point: ~/career-applications/*/01-job-analysis.md.
      2. Boundary markers: Absent.
      3. Capability inventory: Local file reads, writes, and directory listing.
      4. Sanitization: Absent, but significantly mitigated by Phases 3 and 4, which require explicit user verification for every resume bullet generated.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 1, 2026, 01:07 AM