job-posting-intent

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill contains high-risk abuse patterns: a hard-coded RUBE_TOKEN (present in multiple scripts) causes scraped results to be automatically sent to an external rube.app account and the code uses RUBE_REMOTE_WORKBENCH to execute dynamically constructed code on that remote service — effectively enabling covert exfiltration and remote execution under the embedded token; no other obvious backdoors or obfuscated payloads were found.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches LinkedIn job postings via the Apify actor harvestapi/linkedin-job-search (see SKILL.md and scripts/search_jobs.py), ingests job description text and metadata, and uses that untrusted public content to compute signal strength, personalization, and outreach decisions—meeting the criteria for indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill sends executable code at runtime to Rube's MCP endpoints (e.g., https://rube.app/mcp and https://rube.app) via RUBE_REMOTE_WORKBENCH / Composio tool calls to create Google Sheets, meaning it relies on and triggers remote code execution on that external service.