recruitment-processor
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted recruitment documents and images without sufficient safety boundaries. Ingestion points: Processes user-provided markdown files and image URLs (SKILL.md, Step 2.1). Boundary markers: Absent; the instructions do not tell the agent to ignore potentially malicious commands within the extracted data. Capability inventory: File system access (reading docs), image-to-text recognition (OCR), and file writing (generating reports). Sanitization: Absent; the integrated 'complete cognition' step (Step 2.2) incorporates potentially tainted OCR results directly into the agent's decision-making process.
- EXTERNAL_DOWNLOADS (LOW): The skill triggers the agent to fetch content from arbitrary remote URLs found in markdown image links. Evidence: Scanning and processing logic for
in SKILL.md Step 2.1.
Audit Metadata