jobindex-search
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves job listing information and full descriptions from the official Danish job portal at
https://www.jobindex.dk. These requests are necessary for the skill's primary function and target a well-known service. - [COMMAND_EXECUTION]: The agent is authorized to execute the skill's CLI tool using
bun run. This command execution is limited to the scripts provided within the skill package. - [PROMPT_INJECTION]: The skill processes content from third-party job listings, which constitutes an indirect prompt injection surface.
- Ingestion points: Job listing data is fetched from the Jobindex.dk website in the
searchanddetailcommands located incli/src/commands/. - Boundary markers: The CLI outputs data in structured JSON, table, or plain-text formats, providing a clear structure for the agent.
- Capability inventory: The agent can execute the local CLI via
Bash, which in turn has network access to retrieve web content. - Sanitization: The CLI implements regex-based HTML tag stripping and entity decoding in
cli/src/helpers.tsandcli/src/commands/detail.tsto convert HTML content into plain text before presenting it to the agent.
Audit Metadata