Skills
skills/nimbleway/agent-skills/talent-sourcing/Gen Agent Trust Hub

talent-sourcing

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute nimble CLI commands for web searching and data extraction. It also uses python3 snippets to manage and update a local JSON business profile and memory indexes.
  • [EXTERNAL_DOWNLOADS]: Fetches candidate profiles and search results from external professional platforms (LinkedIn, Indeed, GitHub, Wellfound) through the Nimbleway infrastructure. These operations are performed using the vendor's own CLI tool as intended.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from candidate profiles which presents a surface for indirect prompt injection.
  • Ingestion points: Candidate profile content is extracted in markdown format in Step 4.
  • Boundary markers: No specific delimiters or safety instructions are used when passing extracted candidate data to the scoring and ranking logic in Step 5.
  • Capability inventory: The skill possesses Bash, Write, and Agent tool capabilities across its main execution and sub-agents.
  • Sanitization: There is no evidence of explicit sanitization or filtering of the extracted profile content before it is processed by the LLM for scoring.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 05:38 PM