cv-data-ingestion
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and process unstructured career data from external sources.
- Ingestion points: Processes multiple files from the
source-data/directory, including Obsidian notes, CSV exports, and resume text. - Boundary markers: Absent. The workflow does not provide delimiters or specific instructions to the agent to disregard instructions that may be embedded within the source documents.
- Capability inventory: The agent has the ability to read and write files, as well as execute shell commands such as
find,grep,unzip, andnpm. - Sanitization: Absent. The skill emphasizes Zod schema validation for output structure but lacks mechanisms to sanitize input text or prevent content from influencing agent logic.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to perform data inventory and validation tasks.
- The instructions direct the agent to run
find,grep, andunzipon the contents of thesource-data/directory, as well asnpm run validatefor content checking. - [DATA_EXFILTRATION]: The skill performs network operations to verify external links discovered during data processing.
- The workflow instructs the agent to "extract and verify company/project URLs" to ensure they are active (not 404), which involves connecting to arbitrary domains found in the user-provided data.
Audit Metadata