jobgpt
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from untrusted external sources such as job board URLs and external job listings.
  - Ingestion points: Data enters the agent context through tools like import_job_by_url (SKILL.md), search_jobs (SKILL.md), and match_jobs (SKILL.md).
  - Boundary markers: The skill instructions do not define specific delimiters or instructions for the agent to ignore potentially malicious commands embedded within the fetched job data.
  - Capability inventory: The agent has access to several sensitive tools that could be abused if an injection is successful, including apply_to_job, send_outreach, update_profile, and upload_resume (SKILL.md).
  - Sanitization: There is no evidence of content sanitization or validation performed on the external data before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the jobgpt-mcp-server package via npm and connects to a remote MCP endpoint at https://mcp.6figr.com/mcp. These resources are provided by the official service vendor (6figr.com).
Audit Metadata