ats
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill processes untrusted user input (resumes and job descriptions). While it lacks explicit boundary markers or sanitization, its capabilities are limited to text analysis and reporting, presenting no significant security risk. \n
- Ingestion points: Input Handling section (resume files/text and job descriptions). \n
- Boundary markers: None specified in the instructions. \n
- Capability inventory: Text processing and report generation; no file system writes, network requests, or command execution detected. \n
- Sanitization: None specified for input data.\n- Data Exposure (SAFE): The skill references an internal file path
${CLAUDE_PLUGIN_ROOT}/skills/review/references/ats-guide.mdfor reference material. This is a local resource access consistent with standard agent skill design and does not constitute sensitive data exposure or exfiltration.
Audit Metadata