interview-system-designer
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through untrusted data ingestion.
- Ingestion points: The
hiring_calibrator.py,loop_designer.py, andquestion_bank_generator.pyscripts ingest role titles, competencies, and interview data from user-supplied JSON files or CLI arguments. - Boundary markers: The generated reports and question banks do not use delimiters or escaping to distinguish between system-generated text and untrusted strings from the input files.
- Capability inventory: The skill performs local statistical analysis, generates schedules, and creates question banks. All operations are confined to the local environment using the Python standard library with no network or subprocess capabilities identified in the source code.
- Sanitization: Data from input files (such as role names, candidate IDs, or competency labels) is included directly in the generated output reports without sanitization, which could allow maliciously crafted strings to enter the agent's context and influence subsequent behavior.
Audit Metadata