Oathe Security Badge

Is ayushmall0710/skill-resume-tailor safe?

https://github.com/ayushmall0710/skill-resume-tailor

96
SAFE

This skill appears to be a legitimate resume tailoring tool that helps users customize LaTeX resumes for job applications. It includes a structured workflow with user approval steps and contains a Python script for LaTeX compilation that appears benign.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW Python script included for LaTeX compilation -10

The skill includes a Python script (compile_resume.py) that compiles LaTeX files to PDF. While the script appears legitimate and serves the stated purpose of resume generation, any executable code increases the attack surface.

INFO Complex instruction set -5

The skill contains detailed and complex instructions for resume tailoring workflow. While no malicious prompt injection was detected, the complexity could potentially be confusing or lead to unexpected behavior.