linkedin-jobs-search
Fail
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is vulnerable to code injection because user-provided parameters like
keywords,location, andjob_idare directly interpolated into JavaScript code withinscripts/job-detail.pyandscripts/search-jobs.py. Since these parameters are not sanitized before being embedded in script templates, an attacker can provide crafted input (e.g.,\' + alert(1) + \') to break out of the string context and execute arbitrary JavaScript in the user's authenticated LinkedIn session. - [PROMPT_INJECTION]: The skill extracts unstructured data from LinkedIn, creating an indirect prompt injection surface. 1. Ingestion points: Job descriptions fetched in
scripts/job-detail.py. 2. Boundary markers: None present to distinguish untrusted data from instructions. 3. Capability inventory: Access to browser-act tool and shell execution. 4. Sanitization: No filtering or escaping is applied to job description content before it enters the agent's context.
Recommendations
- AI detected serious security threats
Audit Metadata