job-posting-match
Warn
Audited by Snyk on Jun 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Runtime path: the skill fetches public JobKorea/Saramin search result HTML pages (outsider-authored web content) via
fetch()→search_jobkorea()/search_saramin()→parse_jobkorea()/parse_saramin(), then converts scraped text into LLM-readable fields (title,company,summary) that are included in the final output context.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata