developer-hiring-intake
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute local scripts (e.g., scripts/validate-intake.py, scripts/analyze-requirements.py) on generated JSON data. While these are part of the skill's defined workflow for validation and compliance, the source code for these scripts was not provided, preventing a full security audit of the execution logic.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it ingests untrusted user input to generate files and drive further logic.
  - Ingestion points: The skill accepts unstructured "hiring needs" from the user to populate JSON fields.
  - Boundary markers: Absent. There are no explicit instructions or delimiters provided to prevent the LLM from following instructions embedded within the user's role descriptions.
  - Capability inventory: The skill performs file system writes (intake-{role-title}-{date}.json) and executes Python scripts via the command line.
  - Sanitization: While the instructions mention "validation checks" for legal compliance and schema correctness, the actual sanitization logic resides in the unprovided scripts.
Audit Metadata