job-hunt-analyzer
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the md5 shell command to generate file hashes for integrity checks. This command utilizes the <work_dir> variable; if the host environment fails to sanitize this input properly, it could potentially be exploited for command injection.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted content from user resumes and job descriptions.
  - Ingestion points: Reads data from resume.md and multiple job description files located in the jd-pool/ directory.
  - Boundary markers: The skill outlines semantic rules for filtering blocks and lines (e.g., skipping headers or blocks without action verbs), but these are functional filters rather than security boundaries designed to prevent command interpretation.
  - Capability inventory: The skill possesses the ability to execute shell commands (md5) and perform file system write operations to multiple files like resume.star.md and state.json.
  - Sanitization: No explicit sanitization, escaping, or filtering of the untrusted text is performed before the data is used in scoring logic or written to persistent files.
Audit Metadata