email-finder-tomba

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses python3 -c for parsing a JSON configuration file and curl for making network requests to the Tomba API. These are standard methods for command-line tool integration.
  • [EXTERNAL_DOWNLOADS]: The setup documentation recommends using npx gooseworks login, which facilitates the execution of the platform's authentication utility via the npm registry.
  • [DATA_EXFILTRATION]: The skill accesses the local ~/.gooseworks/credentials.json file to retrieve API credentials, which are then transmitted to api.gooseworks.ai for authentication. This represents the intended operational flow for the service.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted URLs (e.g., blog posts, LinkedIn profiles) and passes them to the API.
  • Ingestion points: url parameter in the Author Finder and LinkedIn Finder usage examples.
  • Boundary markers: None identified; there are no instructions to the agent to treat content at the target URLs as untrusted data.
  • Capability inventory: Shell command execution via curl in SKILL.md.
  • Sanitization: None; input URLs are passed directly into the API request structure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — email-finder-tomba