generate-application
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches job description data from Jina Reader (r.jina.ai) to parse URLs into markdown. This is an expected operation for the skill's functionality.
- [COMMAND_EXECUTION]: Shell commands are used to fetch data via curl and generate application files. The skill also generates a CommonJS module (cv-data.js) intended for execution during the project's build process ('bun run build').
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it ingests untrusted data from external job URLs. * Ingestion points: Job posting content fetched in Step 1. * Boundary markers: None are specified when passing this content to the cover-letter-writer sub-agent or using it for CV data generation. * Capability inventory: The skill has file writing permissions and the ability to dispatch sub-agents. * Sanitization: No sanitization is performed on the fetched external content before it is used in prompt construction.
Audit Metadata