indeed-job-search

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the bash eval command to execute the output of local Python scripts. It also performs file read/write operations to manage a state file (browser-act-skill-forge-memories/indeed-jobs-scraper-indeed-job-search.memory.md) used for cross-session tracking.
  • [DATA_EXFILTRATION]: The skill is designed to extract job listing data from Indeed.com and return it to the agent. This involves network requests via the browser's fetch API to Indeed's internal endpoints, which is the primary intended function of the skill.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from Indeed.com (search results and job descriptions).
    • Ingestion points: Search result metadata from window.mosaic and job details from /viewjob API responses.
    • Boundary markers: Lacks explicit delimiters or instructions to isolate external data from the agent's control flow.
    • Capability inventory: Access to browser-level fetch and the ability to execute generated JavaScript via shell commands.
    • Sanitization: The skill does not validate or sanitize externally sourced job IDs before interpolating them into JavaScript code templates in fetch-job-detail.py.
  • [REMOTE_CODE_EXECUTION]: JavaScript code is dynamically constructed in Python using string interpolation of external data (job IDs) and executed in the browser. This creates a potential injection vector where malicious data from the target site could influence script execution logic.

Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 04:39 AM