boss-job-search
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The script `scripts/browser-use.py` contains logic in `get_api_key()` that writes the `AGENTBAY_API_KEY` to `~/.config/agentbay/api_key` in plaintext. Storing sensitive credentials in a persistent, unencrypted file on the local filesystem is a significant security risk.
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Data enters the agent context when `agent.browser.execute_task` visits and parses content from `zhipin.com`.
  - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the processed web content.
  - Capability inventory: The browser agent has the capability to navigate URLs, click elements, and input text in the remote browser session.
  - Sanitization: None; external content from the website is interpreted directly by the LLM-powered browser agent, which could allow a malicious job listing to hijack the agent's session.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of `wuying-agentbay-sdk`. This package does not originate from a source within the predefined trusted scope, requiring verification of its origin and integrity before installation.
- COMMAND_EXECUTION (LOW): The skill executes a Python script that passes raw strings to a browser automation tool. While the browser environment itself is remote, the pattern allows for complex browser actions driven by potentially untrusted input.
Recommendations
- AI detected serious security threats
Audit Metadata