Skills
skills/nimbleway/agent-skills/talent-sourcing/Snyk

talent-sourcing

Warn

Audited by Snyk on Apr 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly runs nimble searches against public sites (Step 3: "nimble search --query 'site:linkedin.com/in ...', site:indeed.com, site:github.com, site:wellfound.com") and then extracts and interprets profile pages (Step 4: "nimble extract --url '[profile-url]' --format markdown"), meaning it ingests untrusted, user-generated web content that directly drives scoring, ranking, and follow-up actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 20, 2026, 05:38 PM
Issues
1