review-software-engineer-cv
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input from user-provided job postings and CVs, creating a surface for indirect prompt injection. Malicious instructions embedded in these documents could attempt to override the agent's behavior during the review process.
- Ingestion points: JOB_POSTING and CV inputs processed in SKILL.md and subagents/source-intake-analyst.md.
- Boundary markers: Absent; text is interpolated into subagent prompts without explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: Read-only network access for URL inspection and guidance fetching.
- Sanitization: No validation or sanitization of external text is described.
- [EXTERNAL_DOWNLOADS]: The skill fetches resume guidance and industry standards from well-known sources including Yale University, Princeton University, and O*NET. It may also inspect job posting URLs provided by the user. These operations are read-only and targeting reputable domains.
- [DATA_EXFILTRATION]: The skill handles sensitive candidate PII from resumes but includes explicit policy controls in references/cv-review-contract.md and references/external-sources.md that prohibit the submission of CV text, applicant context, or drafts to external resume scanners or third-party analysis tools.
Audit Metadata