interview-coach

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection (Category 8) as it is designed to ingest and analyze untrusted data from external sources.
      • Ingestion points: Untrusted data enters the agent context via the kickoff (resume text), decode (job descriptions), prep (job descriptions), and analyze (raw transcripts) commands in SKILL.md and associated command files.
      • Boundary markers: Although the skill employs sophisticated normalization for transcripts, it does not use explicit delimiters or instructions to ignore commands potentially embedded within the analyzed documents.
      • Capability inventory: The skill has broad permissions including Read, Write, and Edit for local files (specifically coaching_state.md) and the ability to perform WebSearch and WebFetch operations.
      • Sanitization: There is no implemented logic to sanitize or filter the input text for malicious natural language instructions.
  • [SAFE]: The skill interacts with well-known and established professional services for its research functions.
      • External References: Commands like salary and research reference established platforms such as Levels.fyi, Glassdoor, and Blind for compensation and culture data, which are used as legitimate information sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 03:41 PM