cover-letter
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Uses Model Context Protocol (MCP) tools for browser-based tasks like navigating to job URLs and extracting text. This behavior is consistent with the skill's primary function.
- [DATA_EXFILTRATION]: Reads resume and professional profile data from the
~/.proficiently/directory. This data access is localized and necessary for content generation. - [PROMPT_INJECTION]: The skill ingests job description text from external websites. While this is a surface for indirect prompt injection, it is a necessary part of the job-tailoring process and is considered a standard operational risk for browsing agents. 1. Ingestion points: Scraped text from job URLs via MCP, used in
scripts/write-cover-letter.md. 2. Boundary markers: Absent. 3. Capability inventory: File system access in~/.proficiently/and browser interaction via MCP tools specified inSKILL.md. 4. Sanitization: None. - [SAFE]: Automated scan results regarding
profile.mdwere determined to be false positives, as the file is a standard component of the user's local work history profile and contains no malicious content.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata