resume-project-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by emphasizing honesty and requiring user confirmation for any inferred data. No malicious code, exfiltration patterns, or obfuscation were detected.
- [COMMAND_EXECUTION]: The skill instructions include the use of common file system tools like Glob and Grep to identify project structure and dependencies (e.g., package.json, requirements.txt). These operations are consistent with the skill's primary purpose of codebase analysis.
- [PROMPT_INJECTION]: While the skill ingests untrusted data from external codebases, it incorporates multiple defensive layers, including a confidence classification system and a mandatory reflective questioning step (Step 4) to verify findings with the user, effectively mitigating the risk of indirect prompt injection.