job-search
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests permissions to modify system scheduled tasks using the `crontab` command. This is used to maintain persistence for the automated daily search feature.
- [DATA_EXFILTRATION]: The skill accesses sensitive local files containing personally identifiable information (PII), specifically user resumes in `~/.proficiently/resume/` and contact lists in `~/.proficiently/linkedin-contacts.csv`.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its job scraping functionality.
  1. Ingestion points: Untrusted data is read from `hiring.cafe` and various employer career pages.
  2. Boundary markers: There are no explicit markers or instructions to isolate the external job descriptions from the agent's instructions.
  3. Capability inventory: The skill can read/write local files and manage system scheduled tasks.
  4. Sanitization: No validation or sanitization is performed on the scraped job descriptions before they are processed by the evaluation sub-agent.