51mee-resume-match

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE [DATA_EXFILTRATION] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits local resume files and job description text to a remote endpoint at https://openapi.51mee.com/api/v1/parse/match via a POST request.
      • Resumes are highly sensitive documents often containing full names, contact details, and employment history.
      • This transfer is required for the skill to perform its stated purpose of AI-based resume parsing and matching.
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute a curl command to interact with the vendor's API.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from external resumes and job descriptions.
      • Ingestion points: The file parameter (resume) and jd_text parameter (job description) enter the agent context in SKILL.md.
      • Boundary markers: The skill does not implement specific delimiters or safety instructions to prevent the agent from obeying instructions hidden within the resume text.
      • Capability inventory: The skill has network access via curl but does not exhibit file-write or subprocess execution capabilities beyond the API call.
      • Sanitization: No evidence of input validation or sanitization is present in the static instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 10:55 AM