linkedin-recruiting
Fail
Audited by Snyk on Jul 5, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The code intentionally sends candidate PII to an external model subprocess (claude -p) with a flag that bypasses permissions, and it persistently writes resumes/notes into a user vault path (defaulting to an iCloud‑synced Obsidian folder) plus debug dumps — together these are deliberate design choices that enable unauthorized data exfiltration of applicants' sensitive information.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). Outsider free text is ingested from LinkedIn applicant pages/resumes via the burner Applicants UI (Playwright extracts
name/headline/location/answersand optionally downloads resume text intoresume_text), then the triage step passes that candidate content into the LLM context (triage.py→call_json(system + user)with{CANDIDATES_JSON}containing the extracted fields).
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata