Skills
skills/thecraighewitt/skills/hiring/Gen Agent Trust Hub

hiring

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes potentially untrusted data from external sources and user inputs to generate hiring documentation.\n
  • Ingestion points: Content is read from BUSINESS_CONTEXT.md and user-provided candidate background summaries.\n
  • Boundary markers: The skill lacks explicit delimiters or instructions for the agent to distinguish between trusted instructions and potentially malicious commands embedded in the ingested data.\n
  • Capability inventory: The skill allows writing to the local file system, including creating or updating BUSINESS_CONTEXT.md and files within the hiring/ directory.\n
  • Sanitization: No evidence of validation, escaping, or filtering of the ingested data is present before it is used in prompt interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 12:36 PM