jobscore
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the npm registry. This is a vendor-provided tool used to manage the authentication and communication layer with the JobScore service.
- [COMMAND_EXECUTION]: The instructions involve executing various membrane CLI commands to perform login, establish connections, and run actions. These commands are the primary mechanism for the skill's functionality and are used as documented by the vendor.
- [PROMPT_INJECTION]: A potential attack surface for indirect prompt injection exists because the skill processes data from an external ATS (JobScore). If external records, such as candidate notes or job descriptions, contain malicious instructions, they could potentially influence the agent's behavior when processed. This is an inherent risk when handling external user-generated content.
- [DATA_EXFILTRATION]: Data is transferred between the local environment and JobScore via the Membrane platform. The skill is designed to use Membrane as a secure proxy, which is intended to reduce the risk of direct credential exposure.
Audit Metadata