get-brand-assets

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Python and shell commands to manage environment variables from a local configuration file (~/.gooseworks/credentials.json). This is a standard practice for managing API keys in development environments.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to gooseworks.ai, which acts as a proxy for the Brand.dev API. These are well-known services related to the skill's stated purpose of fetching brand assets.
  • [CREDENTIALS_UNSAFE]: The skill provides instructions for authenticating with an API key stored in a local JSON file. It uses standard Bearer token authentication and does not expose hardcoded secrets.
  • [DATA_EXFILTRATION]: No patterns of unauthorized data exfiltration were detected. Network operations are limited to the specified API base for fetching requested brand data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — get-brand-assets