Skills
skills/jpcwhj/job-hunting/job-hunt-analyzer/Gen Agent Trust Hub

job-hunt-analyzer

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the md5 shell command to generate file hashes for cache validation.
  • Evidence: md5 -q <work_dir>/.work/resume.md in SKILL.md.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted text from external sources (resumes and job descriptions) without using boundary markers or sanitization. This could allow an attacker to embed instructions in a resume or job description to influence the agent's scoring or behavior.
  • Ingestion points: Reads content from resume.md and JD files in <work_dir>/.work/jd-pool/.
  • Boundary markers: Absent. Instructions do not specify delimiters or "ignore instructions" wrappers to separate untrusted content from the system prompt.
  • Capability inventory: The agent has file read/write access and shell command execution (md5) capabilities.
  • Sanitization: Absent. The agent is directed to parse and analyze the raw text of the files directly.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 04:10 PM
Security Audit — agent-trust-hub — job-hunt-analyzer