resume-optimizer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a significant attack surface by processing untrusted external data (user resumes and job descriptions) alongside high-privilege capabilities. An attacker could embed malicious instructions within a job description that the agent is 'analyzing' or 'using for tailoring,' potentially leading to unauthorized file access or malicious command execution.\n
- Ingestion points: Processes external text via
Review the provided resume contentandParse job descriptioninSKILL.md.\n - Boundary markers: No delimiters (e.g., XML tags or triple quotes) or 'ignore embedded instructions' warnings are specified in the workflow.\n
- Capability inventory: Executes shell commands via
python3 scripts/generate_resume_pdf.pyand performs file-write operations to/mnt/user-data/outputs/.\n - Sanitization: No evidence of input validation or sanitization before passing data to scripts or using it in decision-making.\n- [Command Execution] (MEDIUM): The skill explicitly instructs the agent to execute a Python script (
scripts/generate_resume_pdf.py) using a shell command. If the arguments (e.g., the JSON input) are constructed using unsanitized user content, it could lead to command injection or argument manipulation.\n- [Dynamic Execution] (HIGH): The 'Code Style' section provides instructions for 'generating Python scripts for PDF creation.' Generating executable code at runtime based on untrusted user data (like resume content) is a critical security risk that can lead to arbitrary code execution if the agent interpolates user input directly into the generated script's logic.
Recommendations
- AI detected serious security threats
Audit Metadata