email-finder-tomba
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
python3 -cfor parsing a JSON configuration file andcurlfor making network requests to the Tomba API. These are standard methods for command-line tool integration. - [EXTERNAL_DOWNLOADS]: The setup documentation recommends using
npx gooseworks login, which facilitates the execution of the platform's authentication utility via the npm registry. - [DATA_EXFILTRATION]: The skill accesses the local
~/.gooseworks/credentials.jsonfile to retrieve API credentials, which are then transmitted toapi.gooseworks.aifor authentication. This represents the intended operational flow for the service. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted URLs (e.g., blog posts, LinkedIn profiles) and passes them to the API.
- Ingestion points:
urlparameter in theAuthor FinderandLinkedIn Finderusage examples. - Boundary markers: None identified; there are no instructions to the agent to treat content at the target URLs as untrusted data.
- Capability inventory: Shell command execution via
curlinSKILL.md. - Sanitization: None; input URLs are passed directly into the API request structure.
Audit Metadata