resume-writer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection because it is designed to ingest and process untrusted external data while possessing significant system capabilities. (1) Ingestion points: User-provided resume files are ingested using the Read tool. (2) Boundary markers: Absent; there are no delimiters or instructions to ignore commands embedded within the input data. (3) Capability inventory: The skill has permissions to use Write, Edit, and Bash tools. (4) Sanitization: Absent; no logic is present to sanitize or filter external content before processing.
- [COMMAND_EXECUTION] (MEDIUM): The skill instructions explicitly allow the use of the Bash tool for file conversions. While intended for utility, this provides an execution vector that could be exploited if an attacker successfully injects commands via a resume file.
Recommendations
- AI detected serious security threats
Audit Metadata