job-scraper
Warn
Audited by Snyk on Apr 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly calls Apify actors to scrape public job postings from LinkedIn and Indeed (see Phase 1 API calls to automation-lab/linkedin-jobs-scraper and borderline/indeed-scraper) and ingests descriptionText/descriptionHtml and other scraped fields which the agent parses and uses for filtering, deduplication, presentation, and decision-making, thereby exposing it to untrusted third‑party content that could carry indirect prompt injections.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime API calls to Apify actor endpoints (e.g. https://api.apify.com/v2/acts/automation-lab~linkedin-jobs-scraper/runs?token=$APIFY_API_TOKEN and https://api.apify.com/v2/acts/borderline~indeed-scraper/runs?token=$APIFY_API_TOKEN) which execute remote scraping code on Apify and are a required dependency (APIFY_API_TOKEN), so they constitute execution of remote code at runtime.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata