api-tester
Warn
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to read authentication keys from the local path
~/.gooseworks/credentials.json. - [COMMAND_EXECUTION]: The skill uses
curlandpython3via shell commands to interact with APIs and parse local credential files. - [DATA_EXFILTRATION]: The skill transmits local credentials and user-provided URLs to the external endpoint
api.gooseworks.ai. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the
scrapegraphfunctionality which processes untrusted external website content. (1) Ingestion point:website_urlparameter in the scrapegraph workflow (SKILL.md). (2) Boundary markers: Absent. (3) Capability inventory: Subprocess execution viacurl. (4) Sanitization: None.
Audit Metadata