jobindex-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses live job listings and full job-detail HTML/JSON from the public jobindex.dk API (see SKILL.md and helpers.ts: apiFetch("/jobsoegning.json") and htmlFetch(url)), and those untrusted public job postings and embedded HTML blobs are read and used by parseJobCards/parseDetailPage to produce IDs, descriptions, apply URLs, and other fields that could influence subsequent actions — meeting the criteria for indirect prompt injection risk.