cv-matcher-ai-data
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection through processed data.
- Ingestion points: The skill instructions specify reading .pdf and .docx files from the local filesystem (SKILL.md).
- Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded commands within the resume text.
- Capability inventory: The skill involves reading local files and generating structured output based on their content.
- Sanitization: Absent. No sanitization or validation of the extracted resume text is performed before it is processed by the agent's logic.
Audit Metadata