resume-assistant
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends downloading and installing a .skill package from a personal GitHub repository (Y1fe1-Yang/resume-assistant-skill). This source is not a verified vendor or a trusted organization, posing a risk of installing malicious or unverified code into the agent environment.
- [COMMAND_EXECUTION]: The system configuration invokes multiple local Python scripts (e.g., create_pdf_resume.py, create_web_resume.py) using subprocess commands. Because the logic of these scripts is external to the provided files, their safety and adherence to security best practices cannot be confirmed.
- [PROMPT_INJECTION]: The SKILL.md file contains strong instructional overrides that forbid the agent from writing its own code, mandating the use of specific external scripts. This technique can be used to bypass safety filters by forcing the agent to rely on potentially vulnerable or malicious pre-written scripts.
- [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection. It is designed to ingest and process untrusted data from job descriptions (JD) and existing resumes to generate outputs. The lack of boundary markers or sanitization instructions for these inputs allows an attacker to embed instructions that could hijack the agent's behavior, especially given its capabilities for file writing and command execution.
- [NO_CODE]: The provided skill structure is limited to instructional markdown. The actual operational logic is offloaded to Python scripts and external resources that are not included in the analysis, effectively hiding the tool's behavior from static security inspection.
Recommendations
- AI detected serious security threats
Audit Metadata