Security Audit
varunr89/resume-tailoring-skill:skills/resume-tailoring
github.com/varunr89/resume-tailoring-skill
Trust Assessment
varunr89/resume-tailoring-skill:skills/resume-tailoring received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "User-controlled resume directory allows arbitrary file system access" and "Unvalidated user input in WebSearch/WebFetch queries could lead to SSRF or data exfiltration".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 29, 2026 (commit 9a4a0f20). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | User-controlled resume directory allows arbitrary file system access. The skill explicitly states that the user can provide a custom path for their resume library ('User provides path OR default to ./resumes/'). Subsequently, it uses a 'Glob tool' to scan for markdown files within this user-specified directory and a 'Read tool' to load their content. If the user provides a path outside the intended skill data directory (e.g., `/etc/`, `/var/log/`, `~/.ssh/`), the skill could be coerced into reading sensitive system files or user data. This constitutes an excessive permission risk as the skill's file system access is not sufficiently scoped, and a data exfiltration risk if an attacker can craft a malicious path to read sensitive files. Recommendation: Restrict the `resume_directory` path to a predefined, sandboxed location (e.g., a subdirectory within the skill's own data directory) or implement robust path sanitization to prevent directory traversal (e.g., `os.path.abspath`, `os.path.realpath` combined with checking if the resolved path is within an allowed base directory). The `Glob` and `Read` tools should also enforce these restrictions. | LLM | SKILL.md:170 |
| MEDIUM | Unvalidated user input in WebSearch/WebFetch queries could lead to SSRF or data exfiltration. The 'Research Phase' involves making external network requests using 'WebSearch queries' and 'WebFetch'. The queries are constructed using `{company}` and `{job_title}` which are derived from user input (job description). If these inputs are not properly validated and sanitized before being used in network requests, an attacker could potentially inject malicious URLs or parameters. This could lead to Server-Side Request Forgery (SSRF) if the underlying `WebSearch` or `WebFetch` tools allow arbitrary URL fetching, enabling the skill to access internal network resources. It could also be used for data exfiltration if an attacker can redirect the skill to send data to an attacker-controlled server. Recommendation: Implement strict validation and sanitization of `{company}` and `{job_title}` before they are used in `WebSearch` or `WebFetch` queries. Ensure that the `WebSearch` and `WebFetch` tools are configured to only access whitelisted external domains and prevent access to internal network resources or arbitrary IP addresses. | LLM | SKILL.md:210 |