lever
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by providing instructions for the agent to ingest and process data from the Lever recruitment platform.
  - Ingestion points: The documentation in SKILL.md identifies apideck.ats.applicants.list and apideck.ats.jobs.list as methods for retrieving external data.
  - Boundary markers: The skill does not provide delimiters or specific instructions to help the agent differentiate between ingested data and system instructions.
  - Capability inventory: The skill facilitates network operations and API interactions to manage applicant and job records.
  - Sanitization: No explicit data validation or sanitization steps are defined for the information retrieved from the external API.
- [SAFE]: The skill demonstrates safe credential management by utilizing environment variables (APIDECK_API_KEY, APIDECK_APP_ID) in code examples instead of hardcoding secrets.
- [SAFE]: External URLs and package dependencies (@apideck/unify) are legitimate resources originating from the vendor's own infrastructure and established service domains.
Audit Metadata