comprehensive-enrichment
Fail
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is instructed to read authentication keys and configuration from the sensitive local file path
~/.gooseworks/credentials.json. These credentials are then used as Bearer tokens in network requests to a remote API. - [COMMAND_EXECUTION]: The skill executes shell commands via
python3 -cto parse JSON files and usescurlto interact with external APIs. These commands involve shell variable interpolation, which can be a risk factor if input is not properly sanitized. - [EXTERNAL_DOWNLOADS]: The skill makes repeated network requests to
api.gooseworks.aito proxy data to various third-party enrichment services (Fiber, Nyne, Hunter, etc.). - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its use of tools that process untrusted data from the open web.
- Ingestion points: The
scrapegraph/v1/smartscrapertool reads content from arbitrary URLs provided in thewebsite_urlparameter, andlinkup/searchprocesses search results from the web. - Boundary markers: There are no instructions to use delimiters or ignore embedded instructions when processing data from these tools.
- Capability inventory: The agent has the capability to execute shell commands (
curl) and read files from the home directory. - Sanitization: There is no evidence of sanitization or filtering of the external data before it is returned to the agent context.
Recommendations
- AI detected serious security threats
Audit Metadata