interview-coach

Pass

Audited by Gen Agent Trust Hub on May 31, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes untrusted external content.
    • Ingestion points: Untrusted data enters the agent's context through raw interview transcripts in references/commands/analyze.md, resume text in references/commands/kickoff.md, and job descriptions in references/commands/decode.md and references/commands/prep.md.
    • Boundary markers: Absent. The instructions do not define delimiters or warn the AI to ignore instructions that may be contained within the ingested resumes, job descriptions, or transcripts.
    • Capability inventory: According to the .claude/settings.json file, the agent is granted Read, Edit, Write, WebFetch, and WebSearch permissions. The core SKILL.md instructions frequently direct the agent to perform write operations to the coaching_state.md file.
    • Sanitization: Absent. There is no evidence of sanitization or filtering logic intended to remove potentially malicious instructions from external documents before the agent processes them.
  • [SAFE]: The skill uses a local file named coaching_state.md for session continuity, which is a standard feature for this type of agent and does not constitute a malicious persistence mechanism.
  • [SAFE]: Network operations conducted via the WebFetch and WebSearch tools are directed at established and well-known domains like levels.fyi, glassdoor.com, and linkedin.com for legitimate research purposes and do not indicate data exfiltration.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 31, 2026, 03:01 AM
Security Audit — agent-trust-hub — interview-coach