Boss Resume Analyzer

Fail

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly reads sensitive configuration files containing potential secrets, including /agent/.agents/skills/imap-smtp-email/.env and /agent/hiring/.wecom_webhook. Accessing environment files from other skills' directories represents a violation of isolation boundaries.
  • [DATA_EXFILTRATION]: The skill is designed to extract PII from resumes and transmit candidate data, analysis reports, and original PDF files to an external Webhook service via curl. While this aligns with the stated purpose, it facilitates the bulk export of sensitive data to a remote endpoint.
  • [COMMAND_EXECUTION]: The skill invokes local command-line tools and scripts to perform its operations, including node for email retrieval, pdftotext for data extraction, and bash for sending data to external webhooks. This provides a functional base for a malicious actor if the agent's logic is subverted.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted text extracted from external PDF resumes without implementing boundary markers or security-focused sanitization.
      • Ingestion points: External PDF files located in /agent/hiring/resumes/ are converted to text and processed by the agent.
      • Boundary markers: None identified. The instructions do not define delimiters to separate resume content from agent instructions.
      • Capability inventory: The agent has permission to read/write local files, execute shell commands, and perform network requests via curl.
      • Sanitization: Only non-security noise filtering (e.g., removing watermark strings) is performed on the extracted text.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 3, 2026, 11:53 AM