resume-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill contains clear, task-oriented instructions without any attempts to bypass safety filters or override agent constraints.
- Data Exposure & Exfiltration (SAFE): While the skill collects personally identifiable information (PII) such as name, email, and phone number, this is necessary for its core purpose. The instructions guide the agent to output the data directly to the user in JSON format; no network exfiltration or unauthorized data access patterns were detected.
- Remote Code Execution (SAFE): There are no scripts, command-line executions, or external package dependencies associated with this skill.
- Indirect Prompt Injection (SAFE):
- Ingestion points: The skill ingests untrusted user data for resume sections (experience, education).
- Boundary markers: None explicitly defined in the output instructions.
- Capability inventory: No risky capabilities (no file-write, no network-post, no exec).
- Sanitization: Focuses on schema validation and UUID generation, but the risk remains low as it only outputs text to the user.
Audit Metadata