Skills
skills/claude-office-skills/skills-hub/Applicant Screening/Gen Agent Trust Hub

Applicant Screening

Pass

Audited by Gen Agent Trust Hub on Jun 3, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external documents (resumes and applications) through MCP tools, which creates an attack surface for indirect prompt injection.
  • Ingestion points: The skill uses extract_text_from_pdf and extract_text_from_docx from the office-mcp server to ingest document content (SKILL.md).
  • Boundary markers: There are no explicit instructions or delimiters used to warn the agent to ignore potentially malicious instructions embedded within the resumes.
  • Capability inventory: The skill's capabilities are focused on candidate_evaluation, requirement_matching, and scoring (SKILL.md).
  • Sanitization: No content sanitization or validation of the ingested text is performed before it is processed by the AI model.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 3, 2026, 02:51 PM
Security Audit — agent-trust-hub — Applicant Screening