goose-graphics-create-format
Warn
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: A technical contradiction exists between the skill's metadata and its core instructions. The
skill.meta.jsonfile claims support for 'Custom canvas dimensions (64–8192px)', whereas theSKILL.mdfile explicitly states that 'Custom canvas dimensions are not supported' and mandates the use of seven fixed canvas sizes. This deceptive metadata can lead to incorrect agent behavior or operation failure. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the processing of untrusted user data.
- Ingestion points: Untrusted data enters the agent context through the 'brief describing the canvas' input.
- Boundary markers: No boundary markers, delimiters, or warnings to ignore embedded instructions are present in the workflow.
- Capability inventory: The skill possesses the capability to execute shell commands (
npx,node) and perform network writes via thepublishcommand. - Sanitization: There is no evidence of sanitization, validation, or escaping of the user-provided brief before it is used to generate the published
contentRulesMdspecification. - [COMMAND_EXECUTION]: The skill's primary workflow involves executing shell commands to manage formats and rendering, including
npx gooseworks formats publish,npx gooseworks formats list, andnode screenshot.js. - [EXTERNAL_DOWNLOADS]: The skill relies on
npxandnpmto download and execute external packages, specifically thegooseworksandplaywrighttools, from the public npm registry.
Audit Metadata