resume-tailor
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted external text.
- Ingestion points: The skill ingests user-provided resumes and job descriptions as primary inputs (referenced in SKILL.md under Step 1).
- Boundary markers: No explicit delimiters or system instructions are provided to the agent to treat input data as untrusted or to ignore embedded instructions.
- Capability inventory: The skill utilizes MCP tools for document processing, specifically extract_text_from_pdf, extract_text_from_docx, and create_docx.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the external content before it is processed by the AI.
Audit Metadata