ai-hr-pro
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from multiple external sources.
- Ingestion points: Untrusted data enters the agent's context through the
materialUrl,materialFile, andmaterialTextparameters as defined inreferences/form-schema.jsonandSKILL.md. - Boundary markers: The instructions lack clear delimiters or specific guidance for the model to ignore any instructions that might be embedded within the source materials.
- Capability inventory: The skill utilizes the
scripts/run.pyscript to transmit the collected data to an external API endpoint (https://ai-skills.ai). - Sanitization: There is no evidence of input validation, filtering, or sanitization being applied to the external content before it is processed by the AI.
Audit Metadata