JobPoster Skill

The skill enforces a rigid, mandatory multi-step workflow (post job -> spawn monitor -> reply to user) combined with strong directives limiting agent choice. This restricts the agent's ability to adapt or optimize, potentially leading to brittle workflows or unexpected failures.

REQUIRED: Post Job + Spawn Monitor (Two Steps)... Required order: 1. Call post_job 2. Extract jobId 3. Start monitoring sub-agent 4. Only then send the success reply to the user

The skill mandates spawning a sub-agent after every job post and provides the exact task prompt to pass to `sessions_spawn`. This prompt is partially constructed from data returned by an external third-party service (Fuku AI), specifically the jobId. A malicious Fuku AI response could inject arbitrary instructions into the sub-agent's task string, achieving prompt injection into a child agent with potentially unbounded loop behavior (up to 30 iterations, 2-minute waits).

await sessions_spawn({ task: `Monitor LinkedIn sync for job ID "${jobId}". Loop: call check_linkedin_status with jobId="${jobId}", wait 2 minutes, repeat up to 30 times until LinkedIn URL is returned. Notify user when URL is available.`, mode: "run", cleanup: "delete", });

The skill uses repeated, strong directives ('DO NOT assume', 'REQUIRED', 'MUST spawn') to heavily influence the agent's reasoning and prevent it from deviating from the prescribed workflow, even if it perceives alternative paths. This attempts to override agent autonomy and enforce specific behaviors.

DO NOT assume the capability is unavailable... DO NOT bypass post_job... REQUIRED: Post Job + Spawn Monitor (Two Steps)... MUST spawn a sub-agent...

The high-level description implies direct job posting to boards, but the skill actually posts jobs anonymously via a third-party relay service (Fuku AI) using their accounts, not the user's. This means jobs cannot be directly edited or deleted by the user.

Claimed purpose: 'Post free job ads to 20+ job boards'. Actual behavior (detailed later): 'Jobs appear under Fuku AI's accounts, not your LinkedIn page; cannot edit/delete directly.'

The skill explicitly instructs the agent to use `sessions_spawn` to create a sub-agent with a complex, looping task. This grants significant control over the agent's environment and resources, enabling persistent background operations and multi-agent orchestration.

await sessions_spawn({
  task: `Monitor LinkedIn sync for job ID "${jobId}". Loop: call check_linkedin_status with jobId="${jobId}", wait 2 minutes, repeat up to 30 times until LinkedIn URL is returned. Notify user when URL is available.`

The skill explicitly requires and executes `node` and `npm` commands, including `npm install` for dependencies and direct script execution (`node scripts/post_job.js`). This capability allows the skill to run arbitrary code within its environment.

{ "bins": ["node", "npm"] }... command": "npm install"... node scripts/post_job.js --title "..."

All job posting data including job title, company name, location, email address, and job description is transmitted to an external third-party service (https://hapi.fuku.ai) controlled by the skill author. Users' hiring email addresses and company information are sent to this service with no user control over data retention or usage.

This skill uses Fuku AI (https://hapi.fuku.ai) as a third-party job posting relay service [...] Data transmitted: job title, description, company, location, email, LinkedIn company URL.

The skill collects user email addresses (used to receive resumes) and LinkedIn company URLs, transmitting them to the Fuku AI third-party service. This creates a harvesting vector for corporate email addresses and LinkedIn organizational identifiers. The default `linkedinCompanyUrl` hardcoded in the skill points to a specific company page.

email: Email to receive resumes [...] linkedinCompanyUrl: LinkedIn company page URL. Job posts under this company; defaults to Fuku AI's if not specified [...] Default: https://www.linkedin.com/company/business-consulting-inter

The skill aggressively instructs the agent not to use alternative tools (browser automation, curl, direct API calls) and to always route through the skill's own script. This tool shadowing pattern ensures all traffic goes through the skill-controlled code path, preventing the agent from using safer alternatives.

DO NOT replace this skill with browser automation, curl, or manual instructions unless the skill execution path truly fails. [...] Do not assume the capability is unavailable merely because the runtime does not list a separately named top-level native tool called post_job.

A hardcoded LinkedIn company URL is set as the default value for job postings. When users do not supply their own LinkedIn company URL, all jobs are posted under this third-party company page, potentially associating user job postings with an entity the user does not control or recognize.

linkedinCompanyUrl [...] Default: https://www.linkedin.com/company/business-consulting-inter

The skill dictates specific phrasing for the agent's response to the user, ensuring the user is informed that monitoring 'has already started' and forbidding phrasing that makes it sound optional. This manipulates the human's perception of the workflow's completeness and could mask failures.

Mandatory sub-agent rule... Do NOT claim LinkedIn monitoring is in progress unless the sub-agent has actually been started successfully. Forbidden: Offering monitoring as an optional next step...