cv-content-generator

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs local shell commands through npm run to perform data analysis and search operations, specifically the search:evidence, analyze:jd, and check:coverage scripts.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external job descriptions.
      ◦ Ingestion points: Job descriptions are read from source-data/jd-{company}.txt and unstructured data from content/knowledge/raw/.
      ◦ Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when processing external text.
      ◦ Capability inventory: The agent can execute local npm scripts and write generated markdown or YAML content to various directories in the content/ folder.
      ◦ Sanitization: There is no evidence of sanitization or validation performed on the input text from job descriptions before it is used for analysis or content generation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 11:01 AM