contact-finder-contactout

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions provide commands to extract API keys from the ~/.gooseworks/credentials.json file on the local system.
  • [COMMAND_EXECUTION]: The skill uses python3 -c to execute local shell commands for parsing credential files and uses curl to interact with external APIs.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with external API endpoints at api.gooseworks.ai and api.orth.sh to transmit and receive profile enrichment data.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from external sources.
  • Ingestion points: LinkedIn profile data (emails, work history, education, skills, company specialties) returned by the ContactOut API in SKILL.md endpoints 1, 2, 4, 5, and 6.
  • Boundary markers: None identified. The instructions do not define delimiters or warnings for the agent to ignore instructions embedded within the fetched data.
  • Capability inventory: The skill uses curl for network requests to external domains.
  • Sanitization: None identified. The skill does not provide mechanisms for escaping or filtering the external content before it enters the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — contact-finder-contactout