employment-manager
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill manages a local _workspace/ directory to store and organize generated recruitment documents such as job descriptions, screening frameworks, and onboarding plans. It also utilizes file-reading tools (Read, Glob, Grep) to review business tone in documents.
- [EXTERNAL_DOWNLOADS]: The skill provides links to the official Korean 4-insurance information portal (4insure.kr) for regulatory compliance and employee registration procedures.
- [PROMPT_INJECTION]: The skill processes user-supplied data to generate specialized HR content, which constitutes an indirect prompt injection surface.
  - Ingestion points: User-provided job requirements, candidate profiles, and organizational information.
  - Boundary markers: Not present in the current implementation.
  - Capability inventory: Local file system writes to workspace paths, complex reasoning via sequential thinking tools, and document format conversion via shared agents (moai-office).
  - Sanitization: No explicit input sanitization or validation logic is described in the workflow.
Audit Metadata