cv-creator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it fetches and processes job descriptions from untrusted external URLs to perform keyword optimization and ATS scoring.
- Ingestion points: External job description content is retrieved using the
WebFetchtool as part of the 'Standalone Quick Optimization' workflow. - Boundary markers: The generation protocol defined in
references/resume-protocol.mdlacks instructions for using delimiters or boundary markers (e.g., XML tags or triple quotes) when the agent processes external text. - Capability inventory: The skill possesses
WriteandEditpermissions, which could be exploited by an injection to create or modify local files with malicious content. - Sanitization: There is no evidence of input validation, filtering, or sanitization of the fetched job description data before it is incorporated into the prompt context for keyword extraction.
- [EXTERNAL_DOWNLOADS]: The skill documentation references a non-trusted third-party GitHub repository (
github.com/erichowens/cv-creator) and describes a deployment process involving external package installation (npm install). This repository is not associated with the skill's author ('curiositech') or the list of trusted vendors.
Audit Metadata