company-intel

Warn

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses a sensitive credential file to retrieve an API key and base URL.
  • Evidence: Reads ~/.gooseworks/credentials.json to extract api_key and api_base.
  • [COMMAND_EXECUTION]: The skill executes shell commands and inline Python scripts to process authentication data and perform network requests.
  • Evidence: Uses python3 -c for parsing JSON and curl for communicating with the Gooseworks API.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by ingesting data from external websites.
  • Ingestion points: Content retrieved from external websites via the scrapegraph API (e.g., https://stripe.com/pricing).
  • Boundary markers: None; the skill does not use delimiters or instructions to prevent the agent from obeying commands embedded in scraped content.
  • Capability inventory: The agent can execute shell commands (curl) and perform local Python operations.
  • Sanitization: No sanitization or validation of external content is performed before the data enters the agent's context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — company-intel