resume-website
Fail
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute an installation script for the uv tool from its official domain (astral.sh). This is done via piping the remote script directly into a shell or PowerShell interpreter.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of a third-party Model Context Protocol server from the npm registry (@sylphx/pdf-reader-mcp). This dependency is from an unverified publisher.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it extracts and utilizes content from untrusted PDF resumes.
- Ingestion points: Data is extracted from PDFs using a local Python script and the pdf-reader MCP.
- Boundary markers: The skill does not employ boundary markers to isolate extracted content, which could allow malicious instructions within a PDF to manipulate the agent's behavior.
- Capability inventory: The agent can run local subprocesses, write files to the system, and interact with other tools.
- Sanitization: No validation or sanitization is performed on the text extracted from the PDF files before it is processed.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata