interview-prep

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes untrusted data from external platforms (Glassdoor, Blind, Reddit).
    • Ingestion points: Scraped content from search results and forum posts in SKILL.md.
    • Boundary markers: The sub-agents are instructed to extract data directly, but there are no explicit delimiters or instructions to ignore potential malicious prompts embedded within the scraped text.
    • Capability inventory: The skill executes shell commands (tinyfish, cat, echo) and performs network operations via the TinyFish agent tool.
    • Sanitization: No content sanitization is performed on the scraped data before it is presented to the user or processed by the LLM.
  • [COMMAND_EXECUTION]: The skill uses shell commands to manage its scraping pipeline and output results.
    • Evidence: In SKILL.md, it executes tinyfish agent run, wait, cat, and echo to coordinate parallel background processes and display the final JSON data. This is standard behavior for the intended functionality.
  • [EXTERNAL_DOWNLOADS]: The skill references external tools and a third-party repository for installation.
    • Evidence: The README.md provides instructions to install the tinyfish CLI via npm and adds the skill using npx skills add from a community GitHub repository (KrishnaAgarwal7531/skills-).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 04:37 PM