career-biographer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  - Ingestion points: The skill collects arbitrary user input during the career interview process (SKILL.md) and processes external JSON files via the validation script (scripts/validate_profile.sh).
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested data, increasing the risk that malicious user input could influence downstream agents or tools.
  - Capability inventory: The skill is granted 'Read', 'Write', and 'Edit' permissions (SKILL.md), and the validation script executes shell commands using 'jq' (scripts/validate_profile.sh).
  - Sanitization: The shell script performs structural validation but does not sanitize the values within the JSON, allowing potentially malicious instructions to persist in the generated profile.