tailor-resume
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: CRITICAL (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts text from third-party job posting URLs and processes it without sanitization (SKILL.md).
  1. Ingestion points: Job description text extracted via browser tools from external URLs.
  2. Boundary markers: No delimiters or safety instructions are used to isolate external content.
  3. Capability inventory: The skill has read/write access to sensitive user data in ~/.proficiently/ and the ability to use browser tools.
  4. Sanitization: There is no evidence of filtering or validating external content before processing.
- [DATA_EXFILTRATION]: The skill manages sensitive personal files, including resumes and work history profiles in the ~/.proficiently/ directory (SKILL.md). While this is necessary for tailoring, it creates a risk of data exposure if the agent is manipulated by untrusted external input.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata