setup
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: CRITICALPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources such as resumes and LinkedIn CSV exports, creating a surface for indirect prompt injection.
- Ingestion points: Data is ingested from user-provided resumes in
DATA_DIR/resume/and contact exports inDATA_DIR/linkedin-contacts.csv(referenced in SKILL.md). - Boundary markers: The instructions do not define delimiters or specific markers to prevent the model from obeying instructions that might be embedded within the ingested resume or contact files.
- Capability inventory: The skill is designed for local data management and conversational interviewing; it does not utilize subprocess execution, dynamic code evaluation, or network-enabled tools in the provided scripts.
- Sanitization: No evidence of sanitization or content filtering was found for the data read from external files before it is processed into the work history profile.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata