openhr
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed around the execution of multiple local Python scripts (e.g., `boss_login.py`, `boss_greet.py`, `chat_engine.py`, `resume_parser.py`) to automate browser interactions and data processing.
- [DATA_EXFILTRATION]: The skill includes functionality to upload extracted resume information to an external platform (Feishu/Lark) via `scripts/feishu_upload.py` using configuration from `config/feishu.json`.
- [CREDENTIALS_UNSAFE]: The documentation explicitly mentions the storage of sensitive credentials in local files, including:
  - `config/llm.json`: Contains `api_key` for LLM providers.
  - `config/feishu.json`: Contains `app_id` and `table_id` for Feishu integration.
  - `data/cookies/boss_cookies.json`: Stores authentication cookies for Boss Zhipin, which could be used for session hijacking if compromised.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection as it processes untrusted data from external sources:
  - Ingestion points: `scripts/resume_parser.py` ingests content from PDF/DOCX resumes, and `scripts/chat_engine.py` ingests incoming chat messages from candidates.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are mentioned in the documentation.
  - Capability inventory: The agent has the capability to execute shell commands, read/write local files, and make network requests to LLM and Feishu APIs.
  - Sanitization: There is no evidence of sanitization or filtering of the content extracted from resumes or chat messages before it is passed to the LLM for decision-making.
Audit Metadata