Skills
skills/athina-ai/goose-skills/event-signals/Gen Agent Trust Hub

event-signals

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run a local Python script scripts/event_signals.py for automated data collection and processing.
  • [EXTERNAL_DOWNLOADS]: The skill downloads structured conference data from a public repository on GitHub (raw.githubusercontent.com/tech-conferences/conference-data/).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes untrusted content (speaker bios, talk titles, podcast descriptions) from external websites and APIs.
  • [PROMPT_INJECTION]: Ingestion points: Data is fetched from Sessionize, Meetup, Luma, ListenNotes, and Devpost.
  • [PROMPT_INJECTION]: Boundary markers: Absent. The prompt does not utilize delimiters to separate untrusted event data from agent instructions.
  • [PROMPT_INJECTION]: Capability inventory: The agent possesses Bash, Write, WebFetch, and WebSearch capabilities.
  • [PROMPT_INJECTION]: Sanitization: The script provides basic HTML stripping via clean_html but does not sanitize against malicious natural language commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 02:26 AM