job-scraper
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlto interact with the Apify API, executing shell commands to start scraping runs and retrieve data.- [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface by ingesting and displaying untrusted job descriptions from external platforms. Maliciously crafted job postings could potentially influence the agent's actions. Mandatory Evidence Chain: 1. Ingestion points: LinkedIn and Indeed job descriptions via Apify API (SKILL.md). 2. Boundary markers: Absent; scraped text is presented without delimiters. 3. Capability inventory: File writing (CSV export) and network operations (Apify API calls). 4. Sanitization: None; external content is used directly as provided by the API.
Audit Metadata