data-charts-tako
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill instructions include commands to read API keys from
~/.gooseworks/credentials.json. This is standard practice for CLI-based agent skills to manage their own authentication and does not represent an exfiltration risk as the keys are used for the skill's intended API requests toapi.gooseworks.ai. - [COMMAND_EXECUTION]: The skill uses
python3 -cto parse JSON credentials from the local filesystem. These commands are static and do not incorporate user-controlled input, making them safe for the specific purpose of environment setup. - [EXTERNAL_DOWNLOADS]: The skill references an installation command using
npx goose-skills, which is a standard package runner for this ecosystem.
Audit Metadata