indeed-job-search
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the bash `eval` command to execute the output of local Python scripts. It also performs file read/write operations to manage a state file (browser-act-skill-forge-memories/indeed-jobs-scraper-indeed-job-search.memory.md) used for cross-session tracking.
- [DATA_EXFILTRATION]: The skill is designed to extract job listing data from Indeed.com and return it to the agent. This involves network requests via the browser's `fetch` API to Indeed's internal endpoints, which is the primary intended function of the skill.
- [PROMPT_INJECTION]: The skill processes untrusted external data from Indeed.com (search results and job descriptions).
  - Ingestion points: Search result metadata from `window.mosaic` and job details from `/viewjob` API responses.
  - Boundary markers: Lacks explicit delimiters or instructions to isolate external data from the agent's control flow.
  - Capability inventory: Access to browser-level `fetch` and the ability to execute generated JavaScript via shell commands.
  - Sanitization: The skill does not validate or sanitize externally sourced job IDs before interpolating them into JavaScript code templates in `fetch-job-detail.py`.
- [REMOTE_CODE_EXECUTION]: JavaScript code is dynamically constructed in Python using string interpolation of external data (job IDs) and executed in the browser. This creates a potential injection vector where malicious data from the target site could influence script execution logic.
Audit Metadata