get-brand-assets
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python and shell commands to manage environment variables from a local configuration file (~/.gooseworks/credentials.json). This is a standard practice for managing API keys in development environments.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to gooseworks.ai, which acts as a proxy for the Brand.dev API. These are well-known services related to the skill's stated purpose of fetching brand assets.
- [CREDENTIALS_UNSAFE]: The skill provides instructions for authenticating with an API key stored in a local JSON file. It uses standard Bearer token authentication and does not expose hardcoded secrets.
- [DATA_EXFILTRATION]: No patterns of unauthorized data exfiltration were detected. Network operations are limited to the specified API base for fetching requested brand data.
Audit Metadata