backend-dev
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a pattern for LLM interaction that is susceptible to indirect prompt injection.
  - Ingestion points: The `improve_text` function in `SKILL.md` accepts a `text` string which is intended to be resume content.
  - Boundary markers: Absent. The prompt is constructed using direct f-string interpolation (`f"Improve this resume text:\n\n{text}"`) without the use of delimiters (like XML tags or triple quotes) or 'ignore instructions' warnings to the LLM.
  - Capability inventory: The skill metadata explicitly allows high-privilege tool access via `Bash(python:*)`, `Bash(pip:*)`, and `Bash(uv:*)`, making the impact of a successful injection high.
  - Sanitization: No sanitization, escaping, or validation logic is defined to check the `text` input for embedded instructions or adversarial content.
Audit Metadata