customer-discovery

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill performs extensive data gathering from external, untrusted sources such as company websites, Wayback Machine snapshots, and technology directories. An attacker could place malicious instructions in HTML attributes (e.g., image alt text, headings, or ARIA labels) which the agent might follow while parsing or summarizing the results.
  • Ingestion points: scripts/scrape_website_logos.py, scripts/scrape_wayback_logos.py, and scripts/search_builtwith.py fetch and parse HTML content from arbitrary user-provided URLs.
  • Boundary markers: There are no explicit boundary markers or instructions in the procedure to treat the fetched data as untrusted content.
  • Capability inventory: The skill utilizes shell commands (mkdir) and Python scripts with network access.
  • Sanitization: While the Python scripts use regular expressions to clean extracted text for display, they do not specifically filter for instructions that could influence the LLM's behavior.
  • [COMMAND_EXECUTION]: The SKILL.md instructions include shell command templates such as mkdir -p customer-discovery-[company-slug] and python3 ... --url "[company-url]". If the company-slug or company-url variables contain shell metacharacters (e.g., ;, &&, or |), they could lead to command injection, depending on the implementation of the agent platform executing these instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 01:06 PM