legal-job-search
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted content from external Job Descriptions and search results into its generation prompts.
  - Ingestion points: External Job Descriptions (JD) and company data are ingested via `SKILL.md` and `materials-prompt-template.md`.
  - Boundary markers: There are no explicit delimiters or instructions for the AI to ignore instructions embedded within the untrusted JD text or search findings.
  - Capability inventory: The skill uses `Web Search`, writes local HTML/Markdown files, and generates Word documents using the `docx` skill.
  - Sanitization: No sanitization of external text is performed before it is used to influence resume and memo generation.
- [COMMAND_EXECUTION]: The skill includes a Python script `scripts/detect_mcp.py` that identifies available Model Context Protocol (MCP) tools in the system. The agent is instructed to use functional matching to find tools, and the script serves as a utility for discovery.
- [EXTERNAL_DOWNLOADS]: The skill's documentation guides the user to install well-known utilities such as `vercel` and `http-server` via NPM for resume deployment and testing. These references point to established services and do not involve automated execution by the agent.
Audit Metadata