data-charts-tako

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill instructions include commands to read API keys from ~/.gooseworks/credentials.json. This is standard practice for CLI-based agent skills to manage their own authentication and does not represent an exfiltration risk as the keys are used for the skill's intended API requests to api.gooseworks.ai.
  • [COMMAND_EXECUTION]: The skill uses python3 -c to parse JSON credentials from the local filesystem. These commands are static and do not incorporate user-controlled input, making them safe for the specific purpose of environment setup.
  • [EXTERNAL_DOWNLOADS]: The skill references an installation command using npx goose-skills, which is a standard package runner for this ecosystem.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:16 AM
Security Audit — agent-trust-hub — data-charts-tako