jobsoid
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
membraneCLI tool for managing Jobsoid data. This is the intended behavior for interacting with the vendor's integration platform. - [EXTERNAL_DOWNLOADS]: The skill references the installation of the
@membranehq/clipackage from the official npm registry. As this is a well-known package registry and the tool is provided by the skill's author, this is considered a safe and standard dependency for the integration. - [CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were detected. The skill correctly leverages Membrane's connection management system to handle authentication server-side, preventing the exposure of API keys in the prompt or local environment.
- [DATA_EXFILTRATION]: No suspicious network operations or sensitive file access patterns were found. Network activity is limited to interactions with the Jobsoid API through the established Membrane proxy.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from Jobsoid API responses (e.g., job applications, candidate profiles). While this provides an attack surface for indirect prompt injection, it is the primary functional purpose of the integration and does not include exploitable capability patterns or lack of boundary instructions that would elevate the risk level.
Audit Metadata