jobgpt

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
[PROMPT_INJECTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external job boards and recruiter profiles.
      • Ingestion points: The import_job_by_url tool retrieves content from external job boards like LinkedIn, Greenhouse, and Workday. The get_job_recruiters tool fetches data from recruiter profiles.
      • Boundary markers: There are no explicit delimiters or instructions defined in the skill to treat this imported external content as untrusted data.
      • Capability inventory: The skill has high-impact capabilities including apply_to_job (automated application submission), send_outreach (email communication), and update_profile (modifying user data), which could be manipulated by malicious instructions hidden in job descriptions.
      • Sanitization: No evidence of sanitization or validation of the ingested job board data is present in the skill instructions.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to download and execute an external MCP server package.
      • Evidence: The setup instructions direct users to run npx jobgpt-mcp-server and connect to a remote endpoint at https://mcp.6figr.com/mcp.
      • Source: The package and URL are associated with the 6figr.com JobGPT platform.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 03:23 AM