Resume Master

This skill appears to implement its stated purpose, but review and mitigate the following before installing or using it: - External asset fetching: the HTML templates reference Google Fonts, Font Awesome, and an OSS photo URL. Rendering via headless Chrome will fetch those resources from the network; if you need fully offline rendering, remove or inline external assets. - Local binary requirements: the scripts expect headless Chrome (chrome/chrome.exe), and optionally Poppler (pdftoppm), ImageMagick (magick), pdfinfo, or Python packages (pymupdf, pypdf). Ensure these are installed and available, or the scripts will fail. The skill metadata does not declare these, so plan for them. - Privacy of resume content: the workflow converts PDFs to images and instructs the agent to use image-understanding tools. Verify where image-understanding is performed — if it uses cloud vision APIs, your users' resumes (personal data) may be transmitted externally. If you want to avoid that, run the vision step with an offline tool or keep processing local. - Run in an isolated environment: because rendering will run subprocesses and invoke Chrome, consider running the skill in a sandboxed/isolated environment with limited network access if you are concerned about data leakage. - Small code review: the included Python scripts use subprocess calls but pass arguments as lists (no shell string interpolation), which reduces command-injection risk. Still, avoid passing untrusted template content or filenames with unexpected characters; validate/escape filenames if you integrate externally. If you want to proceed: remove or replace remote assets in templates (inline fonts/images), ensure binaries are installed locally, and confirm the vision tool used for reading images is configured to process data locally (or you accept cloud processing).