candidate-screening

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute local shell commands such as 'npm run screen' and 'cat' to interact with a screening tool and read generated reports.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes untrusted data from resumes and job applications. Adversarial candidates could embed instructions within their application text to manipulate the AI's scoring logic.
    • Ingestion points: Job application data and resumes processed via Greenhouse.
    • Boundary markers: None defined in the reporting templates.
    • Capability inventory: Local command execution and file reading.
    • Sanitization: No evidence of input validation or sanitization for candidate-provided text.
  • [DATA_EXFILTRATION]: The skill handles sensitive Personally Identifiable Information (PII) from applicants and includes instructions for potentially sending this data to external communication channels like Slack via command-line arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 02:57 PM
Security Audit — agent-trust-hub — candidate-screening