apply
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill automates web interactions using form_input, computer, and read_page tools. It includes specialized logic for different Applicant Tracking Systems (ATS), such as extracting iframe tokens using javascript_tool for Greenhouse. These operations are restricted to the browser context and gated by user approval.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it ingests untrusted data from external job postings (Step 1 and 3). This risk is mitigated by a mandatory human-in-the-loop approval step (Step 6) where the user reviews all proposed answers before any data is filled, and a final confirmation (Step 8) before submission. Ingestion points include job URLs in SKILL.md, while the primary capability inventory consists of browser automation and local logging.
- [EXTERNAL_DOWNLOADS]: The skill connects to external job boards. These are well-known technology services (Lever, Greenhouse, Workday) and are necessary for the skill's core functionality.
Audit Metadata