cv-generator
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external sources, presenting an indirect prompt injection surface.
- Ingestion points: LinkedIn URLs, personal portfolio websites, and user-uploaded documents (CVs, Job Descriptions).
- Boundary markers: No specific structural delimiters are defined to isolate external data content.
- Capability inventory: The agent performs network fetches, document parsing, and OCR processing.
- Sanitization: Employs a mandatory 'anti-hallucination enforcement gate' that blocks output if details cannot be verified directly from the source data.
- [EXTERNAL_DOWNLOADS]: Retreives profile and portfolio information from user-specified URLs. This is an intended functionality for data aggregation.
- [DATA_EXFILTRATION]: Processes sensitive personal information from resumes and profiles. The data flow is directed toward generating a user-facing document; no unauthorized transmission to third-party servers was detected.
- [COMMAND_EXECUTION]: Instructions include performing OCR on scanned PDFs. This uses standard platform tools for document processing and does not involve arbitrary command execution.
Audit Metadata