competitor-research
Warn
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to read sensitive credentials directly from the local file system at
~/.gooseworks/credentials.json. It extracts theapi_keyusing a Python subprocess command to populate environment variables for subsequent API calls. - [COMMAND_EXECUTION]: The skill uses
python3 -cto dynamically parse JSON credential files and extract values. This pattern of executing code via string interpolation in the shell is a sensitive operation. - [EXTERNAL_DOWNLOADS]: The skill utilizes
npxto run thegooseworks logincommand. Thenpxutility downloads and executes Node.js packages from the npm registry at runtime. - [DATA_EXFILTRATION]: Extracted credentials (API keys) are transmitted in the headers of
curlrequests to the$GOOSEWORKS_API_BASEendpoint. While this is the intended authentication flow for the platform, it involves the transmission of sensitive local data to a remote server. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from external websites via tools like
scrapegraphandexa. A malicious website could provide content designed to influence the agent's behavior during the research process. - Ingestion points: External URLs processed by
scrapegraphandexasearch results. - Boundary markers: None identified in the provided instructions.
- Capability inventory: Subprocess execution via
curlandpython3, and local file reading ofcredentials.json. - Sanitization: No explicit sanitization or validation of the scraped content is performed before the agent processes it.
Audit Metadata