resume-builder
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to guide an AI agent through a conversational workflow to collect user data and format it into a specific JSON schema. It contains no hidden instructions, system prompt overrides, or malicious code patterns.
- [INDIRECT_PROMPT_INJECTION]: The skill acts as a data ingestion surface by taking user input (personal info, work experience) and placing it into structured fields. While it instructs the agent to 'Never hallucinate' and 'Validate output', there is a minor risk that malicious user input could be formatted into the output JSON. However, since the skill has no network or shell execution capabilities, the risk to the agent or local environment is negligible.
- [COMMAND_EXECUTION]: While the documentation mentions generating UUIDs using specific Node.js packages or crypto libraries, these are instructional references for data generation rather than commands executed by the skill itself.
Audit Metadata