greenhouse
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Uses shell commands (
curl) and a diagnostic tool (zero) to interact with the Greenhouse API and verify connection health. These commands correctly handle environment variables and use temporary files for data staging. - [EXTERNAL_DOWNLOADS]: Fetches recruiting and candidate data from official Greenhouse API endpoints (
harvest.greenhouse.io). Greenhouse is recognized as a well-known service, and the data access is necessary for the skill's functionality. - [CREDENTIALS_UNSAFE]: Instructions recommend using the
GREENHOUSE_TOKENenvironment variable for authentication. The implementation of HTTP Basic Auth follows the official API documentation requirement for encoding. - [DATA_EXFILTRATION]: While the skill accesses sensitive applicant tracking data, all network activity is restricted to the legitimate Greenhouse Harvest API. No unauthorized external transmission was detected.
Audit Metadata