job-posting-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses PreToolUse and PostToolUse hooks to execute internal shell scripts (pre_network_skill_hook.sh, pre_rate_limit_hook.sh, and post_skill_logging_hook.sh) from relative paths (../../../hooks/skills/). These are vendor-provided lifecycle management scripts.
- [EXTERNAL_DOWNLOADS]: The skill uses the WebFetch tool to retrieve data from various external Applicant Tracking Systems (ATS) and company career pages for tech stack analysis.
- [PROMPT_INJECTION]: The skill processes untrusted content from job postings and career pages, which represents an indirect prompt injection surface.
- Ingestion points: External job posting data fetched via WebFetch.
- Boundary markers: Not present in the processing logic.
- Capability inventory: Bash, WebFetch, WebSearch.
- Sanitization: Not present.
Audit Metadata