company-funding-search

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to read credentials from the user's home directory (~/.gooseworks/credentials.json) using Python and set environment variables. This is a standard practice for local CLI tool configuration and credential management.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests using curl to api.gooseworks.ai and api.orth.sh. These endpoints are relevant to the skill's stated source (orthogonal) and the integration platform (gooseworks). No unauthorized or suspicious third-party domains were detected.
  • [CREDENTIALS_UNSAFE]: While the skill accesses a credential file, it does so to authenticate its own API requests. It does not hardcode secrets or attempt to exfiltrate these credentials to an unrelated third party.
  • [DATA_EXFILTRATION]: The skill sends company names or search queries to the designated API endpoints to retrieve funding data. This is the primary function of the skill and does not involve exfiltrating sensitive personal or system data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — company-funding-search