job-seeker

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUM | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill extracts personal information from local PDF resumes and LinkedIn ZIP exports (which include connection lists and work history). This sensitive data is then transmitted to the remote API gateway at api.serendb.com for processing by external language models. While this functionality is central to the skill's automated parsing, it involves the transmission of Personally Identifiable Information (PII) to third-party servers managed by the vendor.
  • [PROMPT_INJECTION]: The skill's architecture is vulnerable to indirect prompt injection due to the ingestion of unvetted external content that is subsequently used in LLM prompts.
      • Ingestion points: The skill ingests data from local resumes and LinkedIn exports, as well as external company research and hiring signals fetched from the Perplexity and Exa APIs.
      • Boundary markers: No delimiters or defensive framing (e.g., instructions to ignore embedded commands) are utilized in the prompts defined in scripts/agent.py or scripts/seren_client.py.
      • Capability inventory: The agent has network access through its central API client and the capability to write to the local filesystem for database management and logging.
      • Sanitization: There is no evidence of sanitization, validation, or escaping of ingested external text before it is interpolated into the outreach generation prompts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 21, 2026, 02:45 AM