Skills
skills/gooseworks-ai/goose-skills/job-search/Snyk

job-search

Warn

Audited by Snyk on May 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow (Steps 1–5) explicitly instructs the agent to call third‑party APIs (e.g., fiber /v1/job-search, brand-dev /v1/brand/retrieve, hunter /v2/email-finder) to ingest public job listings, company and people data that the agent reads and uses to decide outreach and next actions, exposing it to untrusted/open-web user-generated content.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 5, 2026, 12:10 PM
Issues
1