interview-coach
Pass
Audited by Gen Agent Trust Hub on May 31, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection due to the processing of untrusted external content.
- Ingestion points: Untrusted data enters the agent's context through raw interview transcripts in
references/commands/analyze.md, resume text inreferences/commands/kickoff.md, and job descriptions inreferences/commands/decode.mdandreferences/commands/prep.md. - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the AI to ignore instructions that may be contained within the ingested resumes, job descriptions, or transcripts.
- Capability inventory: According to the
.claude/settings.jsonfile, the agent is grantedRead,Edit,Write,WebFetch, andWebSearchpermissions. The coreSKILL.mdinstructions frequently direct the agent to perform write operations to thecoaching_state.mdfile. - Sanitization: Absent. There is no evidence of sanitization or filtering logic intended to remove potentially malicious instructions from external documents before they are processed by the agent.
- [SAFE]: The skill uses a local file named
coaching_state.mdfor session continuity, which is a standard feature for this type of agent and does not constitute a malicious persistence mechanism. - [SAFE]: Network operations conducted via the
WebFetchandWebSearchtools are directed at established and well-known domains likelevels.fyi,glassdoor.com, andlinkedin.comfor legitimate research purposes and do not indicate data exfiltration.
Audit Metadata