Trust Assessment
talent-de-cv received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Broad data collection from agent's context.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Broad data collection from agent's context The skill instructs the agent to "Use everything available from your context — prior conversation, system prompt, user profile, or tools" when building the `cv_data` object. This encourages the agent to proactively extract a wide range of personal data from its internal context (e.g., user profile, previous conversations) and send it to the `talent.de` API, even if the user has not explicitly provided or consented to this data for the current CV creation task. This could lead to the exfiltration of sensitive personal information beyond the user's explicit intent for this specific skill. Modify the instruction to explicitly state that the agent should only use data that the user has explicitly provided or consented to for the purpose of creating the CV, rather than broadly pulling from all available context. For example, 'Only use data explicitly provided by the user for this CV, or confirmed by the user from their profile.' | LLM | skill.md:180 |
Scan History
Embed Code
[](https://skillshield.io/report/16f6c2c71c0cbe69)
Powered by SkillShield