experience-selector
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the Job Description (JD) input. An attacker could embed malicious instructions within a JD to influence the agent's behavior or data selection process.
- Ingestion points: The skill accepts a Job Description (JD) as a primary input for analysis in
SKILL.md. - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the JD content.
- Capability inventory: The skill has the capability to read multiple sensitive local files (
../../context/information.md,experience.md, etc.) to gather personal facts. - Sanitization: Absent. The skill does not describe any validation or filtering for the external JD input.
- [DATA_EXPOSURE]: The skill accesses sensitive personal identifiable information (PII) stored in local files, which is necessary for its stated purpose but represents a data exposure surface.
- Evidence: The instructions explicitly mandate reading
../../context/information.md(containing basic info, location, and phone numbers) and other professional history files.
Audit Metadata