Skills
skills/gooseworks-ai/goose-skills/job-posting-intent/Gen Agent Trust Hub

job-posting-intent

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill utilizes the RUBE_REMOTE_WORKBENCH tool to run dynamically generated Python code in a remote execution environment. This code handles spreadsheet creation and formatting via the Google Sheets API.
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (search_jobs.py, create_sheet_mcp.py) that manage the scraping workflow, data qualification, and communication with external APIs.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the processing of external data from job postings.
  • Ingestion points: Job titles, descriptions, and company details are scraped from LinkedIn using the Apify API in scripts/search_jobs.py.
  • Boundary markers: No delimiters or instructions are employed to distinguish external data from the agent's core instructions.
  • Capability inventory: The skill has network access to Apify and Rube APIs and the ability to execute code remotely via the Rube workbench.
  • Sanitization: Job description text is truncated but not sanitized for instruction-like patterns before processing.
  • [EXTERNAL_DOWNLOADS]: The skill connects to api.apify.com for job data and rube.app for its spreadsheet integration service. These are well-known services relevant to the skill's purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 10:48 AM