linkedin-job-scraper

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the python-jobspy library from PyPI using pip install -U python-jobspy --break-system-packages. This is a third-party dependency not maintained by the skill author.
  • [COMMAND_EXECUTION]: The skill operates by executing a local Python script (tools/jobspy_scraper.py) via the command line. It uses subprocess-style execution patterns to pass user-defined arguments like search terms and locations to the scraper.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from LinkedIn (job titles, companies, and full descriptions) and prints this data to the console for the agent to 'interpret and present.'
      • Ingestion points: Scraped job data from LinkedIn, including the DESCRIPTION field in scripts/jobspy_scraper.py.
      • Boundary markers: None detected. Data is printed directly to the terminal using pandas or a string join without sanitization or delimiters.
      • Capability inventory: The skill uses os.makedirs for file writing and python3.12 for script execution.
      • Sanitization: No evidence of sanitization or escaping for the scraped job descriptions before they are presented to the AI agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 06:02 PM