job-posting-intent

Fail

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The scripts scripts/create_sheet.py, scripts/create_sheet_mcp.py, and scripts/search_jobs.py contain a hardcoded JSON Web Token (RUBE_TOKEN). This credential provides unauthorized access to the Rube/Composio platform.
  • [REMOTE_CODE_EXECUTION]: The skill programmatically constructs Python code blocks and transmits them to the RUBE_REMOTE_WORKBENCH tool for execution on a remote server.
  • [DATA_EXFILTRATION]: Data extracted from external job postings, including company descriptions and website URLs, is transmitted to third-party endpoints at api.apify.com and rube.app.
  • [PROMPT_INJECTION]: The skill processes untrusted job description text from LinkedIn to extract buying intent signals.
      • Ingestion points: LinkedIn job data is retrieved via the Apify API in scripts/search_jobs.py.
      • Boundary markers: No delimiters or safety instructions are used to separate untrusted text from logic.
      • Capability inventory: The skill can perform network operations and execute remote code.
      • Sanitization: Job description text is processed directly for signal extraction without sanitization.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 23, 2026, 01:07 PM