competitor-research

Warn

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to read sensitive credentials directly from the local file system at ~/.gooseworks/credentials.json. It extracts the api_key using a Python subprocess command to populate environment variables for subsequent API calls.
  • [COMMAND_EXECUTION]: The skill uses python3 -c to dynamically parse JSON credential files and extract values. This pattern of executing code via string interpolation in the shell is a sensitive operation.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to run the gooseworks login command. The npx utility downloads and executes Node.js packages from the npm registry at runtime.
  • [DATA_EXFILTRATION]: Extracted credentials (API keys) are transmitted in the headers of curl requests to the $GOOSEWORKS_API_BASE endpoint. While this is the intended authentication flow for the platform, it involves the transmission of sensitive local data to a remote server.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from external websites via tools like scrapegraph and exa. A malicious website could provide content designed to influence the agent's behavior during the research process.
  • Ingestion points: External URLs processed by scrapegraph and exa search results.
  • Boundary markers: None identified in the provided instructions.
  • Capability inventory: Subprocess execution via curl and python3, and local file reading of credentials.json.
  • Sanitization: No explicit sanitization or validation of the scraped content is performed before the agent processes it.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — competitor-research