job-scraper

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl commands to interact with the Apify API to trigger and retrieve results from job scraping tasks. This is a standard method for API integration within this environment.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core function of ingesting third-party job listings.
  • Ingestion points: External job descriptions, titles, and company metadata are retrieved from LinkedIn and Indeed via Apify actors (automation-lab/linkedin-jobs-scraper and borderline/indeed-scraper).
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when presenting scraped content to the agent.
  • Capability inventory: The skill performs network operations via curl and is capable of generating and writing CSV files to the local system.
  • Sanitization: There is no mention of sanitizing or escaping the text of job descriptions before they are processed by the agent or exported to files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 01:06 PM
Security Audit — agent-trust-hub — job-scraper