review-software-engineer-cv

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted input from user-provided job postings and CVs, creating a surface for indirect prompt injection. Malicious instructions embedded in these documents could attempt to override the agent's behavior during the review process.
  • Ingestion points: JOB_POSTING and CV inputs processed in SKILL.md and subagents/source-intake-analyst.md.
  • Boundary markers: Absent; text is interpolated into subagent prompts without explicit delimiters or instructions to ignore embedded commands.
  • Capability inventory: Read-only network access for URL inspection and guidance fetching.
  • Sanitization: No validation or sanitization of external text is described.
  • [EXTERNAL_DOWNLOADS]: The skill fetches resume guidance and industry standards from well-known sources including Yale University, Princeton University, and O*NET. It may also inspect job posting URLs provided by the user. These operations are read-only and targeting reputable domains.
  • [DATA_EXFILTRATION]: The skill handles sensitive candidate PII from resumes but includes explicit policy controls in references/cv-review-contract.md and references/external-sources.md that prohibit the submission of CV text, applicant context, or drafts to external resume scanners or third-party analysis tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 06:40 AM
Security Audit — agent-trust-hub — review-software-engineer-cv