salary-market-scanner

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Orchestrates multiple sub-agents using shell commands and parallel execution, coordinating results via temporary files in the /tmp directory.
  • [EXTERNAL_DOWNLOADS]: Requires the installation of the @tiny-fish/cli tool from npm, which is provided by the skill's author for interacting with the TinyFish platform.
  • [DATA_EXFILTRATION]: Directs agents to perform network requests to external domains including google.com, linkedin.com, indeed.com, and levels.fyi to retrieve market data.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating user-supplied role and location variables directly into natural language instructions for sub-agents.
      • Ingestion points: User-provided variables ({ROLE}, {LOCATION}) in SKILL.md.
      • Boundary markers: None present; user inputs are inserted directly into prompt strings without delimiters.
      • Capability inventory: Sub-agents possess network access and the ability to navigate and extract data from external websites via the tinyfish agent run command.
      • Sanitization: No sanitization, escaping, or validation of user inputs is performed before they are processed by the agents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 11, 2026, 04:41 PM