job-posting-intent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill uses the Apify LinkedIn Job Search actor (harvestapi/linkedin-job-search) to fetch public LinkedIn job postings and the scripts (e.g., scripts/search_jobs.py — extract_personalization and qualify_and_build_rows) directly read and interpret job description text to compute signal strength, outreach angles, and suggested decision-makers, so untrusted public content can materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes external runtime endpoints that execute remote code and are required by default—the Apify actor endpoints (e.g., https://api.apify.com/v2 and https://apify.com/harvestapi/linkedin-job-search) are used at runtime to run scraping actors, and the Rube MCP endpoints (https://rube.app and https://rube.app/mcp) are called to execute submitted workbench code for Google Sheet creation—so remote code execution is performed by required external services.