interview-simulator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The setup guide in `SKILL.md` describes the use of the `Bash` tool to clone repositories, install dependencies via `npm`, and initialize a Supabase database. These are documented steps for setting up the simulator's infrastructure and do not involve suspicious or obfuscated commands.
- [EXTERNAL_DOWNLOADS]: The skill fetches the MediaPipe Face Mesh model from the JSDelivr CDN in `references/proctor-engine-setup.md`. MediaPipe is an established library from Google, and JSDelivr is a well-known technology service, making these downloads safe.
- [PROMPT_INJECTION]: The `references/session-orchestration.md` file defines a `DEBRIEF_PROMPT` that interpolates the user's interview transcript directly into the coach's evaluation prompt. This creates a surface for indirect prompt injection where a candidate might attempt to manipulate their score.
  - Ingestion points: User transcripts are ingested into the debrief generator in `references/session-orchestration.md`.
  - Boundary markers: The transcript is interpolated without explicit delimiters or safety warnings in the `DEBRIEF_PROMPT` template.
  - Capability inventory: The skill uses `Bash` for environment setup, but the outputs of the debrief generator (structured JSON) are stored in a database and not executed as system commands.
  - Sanitization: The skill includes a `truncateTranscript` function, but it focuses on context window management rather than content sanitization.
Audit Metadata