linkedin-jobs-search

Fail

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is vulnerable to code injection because user-provided parameters like keywords, location, and job_id are directly interpolated into JavaScript code within scripts/job-detail.py and scripts/search-jobs.py. Since these parameters are not sanitized before being embedded in script templates, an attacker can provide crafted input (e.g., \' + alert(1) + \') to break out of the string context and execute arbitrary JavaScript in the user's authenticated LinkedIn session.
  • [PROMPT_INJECTION]: The skill extracts unstructured data from LinkedIn, creating an indirect prompt injection surface. 1. Ingestion points: Job descriptions fetched in scripts/job-detail.py. 2. Boundary markers: None present to distinguish untrusted data from instructions. 3. Capability inventory: Access to browser-act tool and shell execution. 4. Sanitization: No filtering or escaping is applied to job description content before it enters the agent's context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 13, 2026, 04:39 AM
Security Audit — agent-trust-hub — linkedin-jobs-search