interview-coach

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is installed via npx skills add dbhat93/job-search-os, which downloads components from an untrusted GitHub repository rather than a verified source.
  • [PROMPT_INJECTION]: The author identified in the skill metadata ('dbhat93') does not match the provided author context ('sickn33'), which constitutes deceptive metadata.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data.
      • Ingestion points: Resumes, job descriptions, and interview transcripts are ingested through the /coach analyze and /coach kickoff commands.
      • Boundary markers: The documentation does not define any delimiters or safety instructions to isolate untrusted data from system prompts.
      • Capability inventory: The skill utilizes the claude tool to analyze, score, and provide feedback on external inputs.
      • Sanitization: There is no mention of sanitization or validation methods for the external documents provided by the user.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 17, 2026, 02:02 PM