Skills
skills/theaayushstha1/job-applier-agent/apply-job/Gen Agent Trust Hub

apply-job

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses explicit override instructions ('AUTO-PROCEED Mode', 'JUST DO IT', 'DO NOT ask for confirmation') to force the agent to bypass standard interactive safety checks. This significantly increases the risk that malicious instructions encountered during the automated workflow will be executed without the user's knowledge.
  • [REMOTE_CODE_EXECUTION]: The skill contains a dangerous dynamic execution pattern in WORKFLOWS.md and SKILL.md. It instructs the agent to fetch job descriptions from external URLs and use that untrusted content to modify a Python script (create_resume.py), which is then executed locally via the Bash tool. This is a primary vector for Indirect Prompt Injection leading to local code execution.
  • Ingestion points: Job descriptions are fetched from arbitrary external URLs using WebFetch and Playwright.
  • Boundary markers: No boundary markers or delimiters are used; the agent is instructed to directly reword and insert external content into Python script logic.
  • Capability inventory: The agent has access to Bash, Write, and Edit tools to generate and run local scripts, as well as Playwright tools to navigate the web.
  • Sanitization: No sanitization or validation of the external content is performed before it is interpolated into the executable script.
  • [EXTERNAL_DOWNLOADS]: The install.sh script and SETUP.md recommend a curl | bash installation pattern from a remote repository. While this repository belongs to the skill author, executing remote scripts directly into the shell is a high-risk pattern that can be used to deliver malicious payloads.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to perform sensitive local actions, including the execution of dynamically created Python files and the management of files in the user's home directory (~/job-applier-agent).
  • [DATA_EXFILTRATION]: The skill manages highly sensitive PII in profile.json (name, email, phone, location, work history). Due to the automated outreach capabilities and the lack of human-in-the-loop (via AUTO-PROCEED), a malicious job posting could exploit the agent's browse/search tools to exfiltrate this personal data to an external server.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 8, 2026, 04:32 PM