job-seeker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly scrapes and ingests public third-party content (Perplexity/Exa research, Playwright scraping of LinkedIn/Eventbrite/Meetup and company careers pages via seren_client.scrape_page) and then uses those untrusted, user-generated or public pages as input to generate outreach, tailor resumes/cover letters, select job postings, and drive automated applications—so external page content can materially influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The agent makes runtime calls to the Seren gateway at https://api.serendb.com (via SerenClient) to invoke publishers (e.g., seren-models, playwright, 2captcha, apollo, alphagrowth, perplexity) which run remote model/automation code and return text that the agent injects into prompts and application automation — and the skill requires SEREN_API_KEY so this external endpoint is a required runtime dependency.