himalayas-employer
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from candidate profiles and messaging threads.
- Ingestion points: The skill retrieves external data via tools such as get_talent_profile (candidate bios/history) and get_conversation (candidate messages).
- Boundary markers: There are no explicit instructions or delimiters used to isolate or ignore instructions embedded in the candidate-provided content.
- Capability inventory: The agent possesses high-privilege capabilities including deleting job postings (delete_company_job), sending candidate messages (send_message), and updating company profiles (update_company_profile).
- Sanitization: No explicit sanitization, validation, or filtering of the ingested external content is described in the skill instructions.
- [EXTERNAL_DOWNLOADS]: The skill connects to an external Model Context Protocol (MCP) server at https://mcp.himalayas.app/mcp. This endpoint is owned by the skill author and is required for the skill's documented employer and market intelligence features.
Audit Metadata