contact-finder-contactout
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions provide commands to extract API keys from the
~/.gooseworks/credentials.jsonfile on the local system. - [COMMAND_EXECUTION]: The skill uses
python3 -cto execute local shell commands for parsing credential files and usescurlto interact with external APIs. - [EXTERNAL_DOWNLOADS]: The skill communicates with external API endpoints at
api.gooseworks.aiandapi.orth.shto transmit and receive profile enrichment data. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from external sources.
- Ingestion points: LinkedIn profile data (emails, work history, education, skills, company specialties) returned by the ContactOut API in SKILL.md endpoints 1, 2, 4, 5, and 6.
- Boundary markers: None identified. The instructions do not define delimiters or warnings for the agent to ignore instructions embedded within the fetched data.
- Capability inventory: The skill uses
curlfor network requests to external domains. - Sanitization: None identified. The skill does not provide mechanisms for escaping or filtering the external content before it enters the agent's context.
Audit Metadata