JD Resume Tailor

This skill seems to do what it claims (collect a profile and produce a tailored HTML/PDF resume), but there are important mismatches you should address before trusting it with real data: - Metadata vs instructions mismatch: The SKILL.md expects a headless browser (Edge/Chrome) and also accepts JD URLs, but the registry entry lists no required binaries and says "No network requests." Confirm whether the skill will access the network and whether it will run local browser executables. If network fetches are allowed, decide if you trust the agent to fetch arbitrary URLs. - PII storage: The skill saves resume-profile.md and outputs under workspace/resumes/. These files will contain sensitive personal data (contact info, birth date, etc.). Ensure you are comfortable storing that data in your workspace and that backups or sync won't leak it. - Execution behavior: The skill includes exact PowerShell commands to launch browsers in headless mode. If you install this, verify (in a safe environment) that the agent only invokes local browsers to render the HTML and does not pass data to external services. If you don't want automatic PDF export, ask the skill/agent to only generate HTML and not run the headless commands. - Minimal testing: Before providing your real resume data, test the skill with dummy data to observe whether it attempts unexpected network access or runs commands you didn't intend. - Suggested fixes for the publisher: declare required binaries (msedge/chrome) or provide an install spec; clarify whether URL input will cause outbound network requests; and document where files are written and how long they persist. Given these inconsistencies, treat the skill as suspicious until the author clarifies the network and binary requirements and you confirm the run behavior in a controlled test.