career-ops-job-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to scrape and ingest job descriptions from arbitrary public job-board URLs (e.g., /career-ops {job URL}, the portals.yml scanner entries like boards.greenhouse.io, and batch/batch-runner.sh queue), and those untrusted third‑party pages are read and acted upon to drive evaluations, PDF generation, applications, and other agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill fetches external job pages at runtime (e.g., https://boards.greenhouse.io/anthropic/jobs/12345 and other job-board URLs like https://jobs.lever.co/ and https://jobs.ashbyhq.com/) and injects those pages' text into Claude prompts for evaluation, meaning remote content directly controls agent instructions.