find-skill
Fail
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions include commands to programmatically read sensitive credentials from the local filesystem.
- Evidence: Extracts
api_keyfrom~/.gooseworks/credentials.jsonusing a Python one-liner to set theGOOSEWORKS_API_KEYenvironment variable. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of external tools and facilitates the download of third-party code.
- Evidence: Instructs the agent to perform a global installation of the Orthogonal CLI via
npm install -g @orth/cliand usesorth skills addto fetch remote content. - [REMOTE_CODE_EXECUTION]: The core functionality of the skill is the installation of new executable 'skills' into the agent's environment from a remote library.
- Evidence: Use of
orth skills add <slug>to install and subsequently use new capabilities, which can include arbitrary scripts or instructions. - [COMMAND_EXECUTION]: The skill relies on shell command execution for its setup and operation.
- Evidence: Extensive use of backticked shell commands for environment variable configuration, package management, and file system operations.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing external instructions from newly installed skills.
- Ingestion points: Reading the
SKILL.mdfile of newly downloaded skills from the Orthogonal library inSKILL.md. - Boundary markers: None; the agent is instructed to read and follow instructions from these external files directly.
- Capability inventory: Subprocess execution (orth CLI), file-write (installation), and global package installation (npm).
- Sanitization: None provided for the content of the downloaded skills.
Recommendations
- AI detected serious security threats
Audit Metadata