executive-resume-writer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the user (such as career histories and existing resumes), creating a surface for indirect prompt injection where hidden instructions in the input could influence the model's behavior. Because the skill's capabilities are restricted to text generation, the impact is limited to the integrity of the resume output.
- Ingestion points: User career history, LinkedIn profile data, and background summaries requested in
SKILL.md(Error Handling and Professional Experience sections). - Boundary markers: Absent; the prompt instructions do not employ delimiters (like XML tags or block markers) to encapsulate user-supplied content.
- Capability inventory: Text generation only. No subprocesses, file system modifications, or network operations were detected in any of the skill files.
- Sanitization: Absent; there is no validation or filtering logic to detect or escape instruction-like patterns within the user-provided text.
Audit Metadata