apply-job
Warn
Audited by Snyk on Mar 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill autonomously navigates and scrapes arbitrary job URLs and public sites via Playwright and WebFetch/WebSearch, including LinkedIn, company career pages and search results (e.g., rocketreach patterns). It then reads and interprets that untrusted, user-generated third-party content to score jobs, tailor resumes/cover letters, and drive automated application/outreach actions, so that content can materially change its behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's setup includes a one-line installer that fetches and can execute remote code and skill files from raw.githubusercontent.com (e.g. https://raw.githubusercontent.com/theaayushstha1/job-applier-agent/main/install.sh and https://raw.githubusercontent.com/theaayushstha1/job-applier-agent/main/skills/apply-job/SKILL.md). Those fetched files define the agent's skill content and behavior (prompts, workflows, and scripts), so this is a runtime external dependency that directly controls the agent.