linkedin-recruiting

Fail

Audited by Snyk on Jul 5, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The code intentionally sends candidate PII to an external model subprocess (claude -p) with a flag that bypasses permissions, and it persistently writes resumes/notes into a user vault path (defaulting to an iCloud‑synced Obsidian folder) plus debug dumps — together these are deliberate design choices that enable unauthorized data exfiltration of applicants' sensitive information.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). Outsider free text is ingested from LinkedIn applicant pages/resumes via the burner Applicants UI (Playwright extracts name/headline/location/answers and optionally downloads resume text into resume_text), then the triage step passes that candidate content into the LLM context (triage.pycall_json(system + user) with {CANDIDATES_JSON} containing the extracted fields).

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 5, 2026, 06:05 PM
Issues
2
Security Audit — snyk — linkedin-recruiting