foresttrip-vacancy
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the Chromium browser binary using the official Playwright installation utility (
python3 -m playwright install chromium). - [COMMAND_EXECUTION]: Shell commands are used for environment setup, including Python dependency installation and Playwright browser configuration.
- [CREDENTIALS_UNSAFE]: The skill handles user credentials for the foresttrip.go.kr service. It reads these from environment variables and manages session persistence via a local JSON cache (
~/.cache/k-skill/foresttrip-vacancy/session.json) which is protected with restricted file permissions (0600). - [INDIRECT_PROMPT_INJECTION]: The skill ingests and processes data from the external
foresttrip.go.krwebsite. This represents an attack surface for indirect prompt injection if the remote content were compromised, though the skill's operation is restricted to read-only vacancy data extraction.
Audit Metadata