resume-tailor
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security concerns were identified. The skill performs its stated function of resume tailoring through text analysis and document manipulation using local MCP tools.
- [PROMPT_INJECTION]: The skill processes untrusted user data (resumes and job descriptions), creating a potential surface for indirect prompt injection. However, since the skill's capabilities are limited to document text extraction and generation without network access, the risk is negligible.
- Ingestion points:
SKILL.mddirects users to provide resumes and job descriptions in the 'How to Use Me' section. - Boundary markers: The instructions do not define specific delimiters or XML tags to isolate untrusted user inputs from the system instructions.
- Capability inventory: The skill utilizes the
office-mcpserver toolsextract_text_from_pdf,extract_text_from_docx, andcreate_docxas defined in theSKILL.mdYAML frontmatter. - Sanitization: No input sanitization or validation logic is implemented for the provided data content.
Audit Metadata