brand-intel-branddev

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands including curl to perform API requests and python3 to extract configuration values from local JSON files.
  • [CREDENTIALS_UNSAFE]: The skill is designed to read its own authentication tokens from ~/.gooseworks/credentials.json. This is the documented method for the agent to authenticate with the vendor's service.
  • [EXTERNAL_DOWNLOADS]: Communicates with api.gooseworks.ai to process brand data extraction requests. This is the official endpoint for the brand intelligence service.
  • [PROMPT_INJECTION]: Exposure to indirect prompt injection exists within the 'Query website data using AI' and 'Extract products' features. These functions ingest content from external websites which may contain adversarial instructions.
  • Ingestion points: External website content fetched via the /v1/brand/ai/query and /v1/brand/ai/products endpoints in SKILL.md.
  • Boundary markers: Not present; the skill relies on the API to process site content as data for extraction.
  • Capability inventory: Command execution via curl used to send and receive data from the external API (SKILL.md).
  • Sanitization: The skill instructions do not specify sanitization or escaping for the ingested website content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — brand-intel-branddev