comprehensive-enrichment

Fail

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is instructed to read authentication keys and configuration from the sensitive local file path ~/.gooseworks/credentials.json. These credentials are then used as Bearer tokens in network requests to a remote API.
  • [COMMAND_EXECUTION]: The skill executes shell commands via python3 -c to parse JSON files and uses curl to interact with external APIs. These commands involve shell variable interpolation, which can be a risk factor if input is not properly sanitized.
  • [EXTERNAL_DOWNLOADS]: The skill makes repeated network requests to api.gooseworks.ai to proxy data to various third-party enrichment services (Fiber, Nyne, Hunter, etc.).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its use of tools that process untrusted data from the open web.
  • Ingestion points: The scrapegraph/v1/smartscraper tool reads content from arbitrary URLs provided in the website_url parameter, and linkup/search processes search results from the web.
  • Boundary markers: There are no instructions to use delimiters or ignore embedded instructions when processing data from these tools.
  • Capability inventory: The agent has the capability to execute shell commands (curl) and read files from the home directory.
  • Sanitization: There is no evidence of sanitization or filtering of the external data before it is returned to the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — comprehensive-enrichment