talentreview-jobs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt requires including an x-api-key header for write operations and shows a placeholder {your_api_key}, which encourages the agent to insert API keys verbatim into generated requests or code rather than using secure env/credential handling.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill reads and displays user-provided job listings and related organization/location data from the TalentReview.ai API (e.g., GET /agents/jobs, GET /agents/jobs/{job_id}, and organization/location list endpoints), meaning the agent ingests untrusted third-party content such as job descriptions and organization fields that it must interpret.