brand-intel-branddev
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands including
curlto perform API requests andpython3to extract configuration values from local JSON files. - [CREDENTIALS_UNSAFE]: The skill is designed to read its own authentication tokens from
~/.gooseworks/credentials.json. This is the documented method for the agent to authenticate with the vendor's service. - [EXTERNAL_DOWNLOADS]: Communicates with
api.gooseworks.aito process brand data extraction requests. This is the official endpoint for the brand intelligence service. - [PROMPT_INJECTION]: Exposure to indirect prompt injection exists within the 'Query website data using AI' and 'Extract products' features. These functions ingest content from external websites which may contain adversarial instructions.
- Ingestion points: External website content fetched via the
/v1/brand/ai/queryand/v1/brand/ai/productsendpoints in SKILL.md. - Boundary markers: Not present; the skill relies on the API to process site content as data for extraction.
- Capability inventory: Command execution via
curlused to send and receive data from the external API (SKILL.md). - Sanitization: The skill instructions do not specify sanitization or escaping for the ingested website content.
Audit Metadata