goose-graphics-create-format

Warn

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: A technical contradiction exists between the skill's metadata and its core instructions. The skill.meta.json file claims support for 'Custom canvas dimensions (64–8192px)', whereas the SKILL.md file explicitly states that 'Custom canvas dimensions are not supported' and mandates the use of seven fixed canvas sizes. This deceptive metadata can lead to incorrect agent behavior or operation failure.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the processing of untrusted user data.
  • Ingestion points: Untrusted data enters the agent context through the 'brief describing the canvas' input.
  • Boundary markers: No boundary markers, delimiters, or warnings to ignore embedded instructions are present in the workflow.
  • Capability inventory: The skill possesses the capability to execute shell commands (npx, node) and perform network writes via the publish command.
  • Sanitization: There is no evidence of sanitization, validation, or escaping of the user-provided brief before it is used to generate the published contentRulesMd specification.
  • [COMMAND_EXECUTION]: The skill's primary workflow involves executing shell commands to manage formats and rendering, including npx gooseworks formats publish, npx gooseworks formats list, and node screenshot.js.
  • [EXTERNAL_DOWNLOADS]: The skill relies on npx and npm to download and execute external packages, specifically the gooseworks and playwright tools, from the public npm registry.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — goose-graphics-create-format