job-post-builder

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
  • [OBFUSCATION]: The skill instructions and examples contain homoglyph characters in domain-like strings and service names. This involves using Unicode characters from the Cyrillic script that are visually identical to Latin characters (e.g., in 'hh.ru' and 'nopaper'). While this may result from keyboard layout errors in localized content, such techniques are commonly used to evade automated security scanners or to perform phishing by directing agents to visually similar but malicious domains.
      • Evidence in SKILL.md: Multiple occurrences of 'hh.ru' and 'nopaper'.
      • Evidence in reference/examples/worked-example.md: 'hh.ru' and 'nopaper'.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting and processing untrusted data from external websites.
      • Ingestion points: The skill performs web searches on job boards (HeadHunter, Avito, VK Работа) and reads existing files from local/cloud storage (~~хранилище).
      • Boundary markers: The skill lacks explicit boundary markers or 'ignore' instructions when interpolating fetched content into its prompt context or generating documents.
      • Capability inventory: The agent can write files (via docx skill), interact with browser sessions (via Claude in Chrome), and interact with the user. This combination allows for a malicious payload in a job description to potentially influence document generation or browser actions.
      • Sanitization: No evidence of sanitization, filtering, or validation of the external content before it is used to build vacancies, interview guides, and offer letters.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 18, 2026, 02:00 AM