cv-creator
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection via untrusted data ingestion.
  ● Ingestion points: references/interfaces-integration.md describes a 'Standalone Quick Optimization' workflow that fetches job descriptions from user-provided URLs.
  ● Boundary markers: Absent. The instructions do not specify any delimiters or safety headers when processing the fetched content.
  ● Capability inventory: SKILL.md defines allowed-tools: Read, Write, Edit, WebFetch, WebSearch.
  ● Sanitization: Absent. The agent is instructed to directly extract keywords and skills from the untrusted content.
  ● Risk: An attacker could host a job description containing instructions to hijack the agent's logic and exfiltrate the user's career data using the WebFetch tool.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Reference to an untrusted external source.
  ● Evidence: SKILL.md and references/interfaces-integration.md both link to github.com/erichowens/cv-creator as a 'Production Implementation'.
  ● Risk: This repository is not on the trusted scope list. Users or agents following these instructions are exposed to unverified code and recommended execution of npm install.
Recommendations
- AI detected serious security threats
Audit Metadata