interview-coach
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection due to how it handles external, untrusted content. ● Ingestion points: The
analyze,decode, andresumecommands ingest text from interview transcripts, job descriptions, and external resumes. ● Boundary markers: The skill does not define clear boundaries or 'ignore' instructions for the data it processes. ● Capability inventory: The agent is grantedWebSearch,WebFetch, and file systemRead/Writecapabilities (specifically for thecoaching_state.mdfile). ● Sanitization: There is no evidence of logic to sanitize or escape inputs before they are processed by the language model. - [EXTERNAL_DOWNLOADS]: The skill implements a
researchcommand that usesWebSearchandWebFetchto gather company intelligence from various public websites, blogs, and news sources to provide context for the user's interview preparation.
Audit Metadata