applications
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing a CLI tool named
braggerto perform data operations. User-supplied input from various fields, such as company names, roles, and notes, is passed directly as arguments to this command-line interface. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted content from external job descriptions and files.
- Ingestion points: Untrusted data enters the agent context via the
jd_contentfield, the--jd-filepath, and theapplications.jsonlstorage file. - Boundary markers: The instructions lack defined delimiters or specific 'ignore embedded instructions' warnings to prevent the agent from obeying commands hidden within job description text.
- Capability inventory: The skill can execute shell commands (
bragger) and perform file system read/write operations on the application tracker. - Sanitization: No sanitization, escaping, or validation of the ingested job description content or file paths is described.
- [EXTERNAL_DOWNLOADS]: The skill handles external URLs for job descriptions and company websites, and it includes logic to fetch and extract content from these remote sources.
Audit Metadata