job-posting-intent

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High risk: the package embeds a hard-coded RUBE_TOKEN (JWT) in multiple scripts and defaults to using that token when creating Google Sheets via rube.app, causing scraped lead data to be sent to a third-party account (possible unauthorized exfiltration), and it also sends data to external APIs and submits dynamically generated code to a remote workbench (RUBE_REMOTE_WORKBENCH) — behaviors that can be abused as a backdoor for data theft or remote code execution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches LinkedIn job postings via the Apify actor harvestapi/linkedin-job-search (see SKILL.md and scripts/search_jobs.py), ingests job description text and metadata, and uses that untrusted public content to compute signal strength, personalization, and outreach decisions—meeting the criteria for indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill sends executable code at runtime to Rube's MCP endpoints (e.g., https://rube.app/mcp and https://rube.app) via RUBE_REMOTE_WORKBENCH / Composio tool calls to create Google Sheets, meaning it relies on and triggers remote code execution on that external service.