resume-builder
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically generates PDF files by executing Python code with the reportlab library.
- [EXTERNAL_DOWNLOADS]: The skill fetches external content from job posting URLs using the web_fetch tool.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection when processing untrusted job description data.
  - Ingestion points: Job descriptions retrieved from external URLs via web_fetch (SKILL.md).
  - Boundary markers: Not specified; there are no instructions to use delimiters or ignore embedded commands in the fetched text.
  - Capability inventory: Python execution for PDF generation and read access to font assets (SKILL.md).
  - Sanitization: Not specified; fetched content is used to tailor the resume language without validation.