goose-graphics
Warn
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses
npxto fetch and execute packages from the npm registry that are not part of the recognized trusted organizations list. - Evidence: Instructions in
SKILL.mdandREADME.mdcommand the agent to runnpx goose-skills install goose-graphicsandnpx gooseworks styles get <slug>. - The package
gooseworksandgoose-skillsare central to the skill's library discovery and installation process. - [REMOTE_CODE_EXECUTION]: Dynamic installation and execution of browser binaries via Playwright.
- Evidence: The skill pack includes scripts (
screenshot.js,fetch-tweet.js) that executenpx playwright install chromiumto download and run browser binaries at runtime for capturing screenshots and scraping data. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to the ingestion and processing of untrusted data from external social media platforms.
- Ingestion points: The
fetch-tweet.jsandfetch-full-tweet.jsscripts scrape raw text content from status pages onx.com. - Boundary markers: The instructions in
SKILL.mdfor the HTML generation phase do not specify any delimiters or warnings to ignore embedded instructions in the scraped content. - Capability inventory: The skill has extensive capabilities, including shell command execution (
npx,node), file writing, and network operations across several scripts. - Sanitization: There is no evidence of sanitization or escaping of the scraped tweet text before it is interpolated into the HTML generation prompt.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch metadata and assets from external services.
- Evidence: The
sources/unsplash.mdfile describes a workflow for searchingapi.unsplash.comusing theUNSPLASH_ACCESS_KEYenvironment variable. Thefetch-tweet.jsscript fetches data fromcdn.syndication.twimg.comandx.com. These are well-known services. - [COMMAND_EXECUTION]: The agent is instructed to execute local scripts and CLI tools to perform its tasks.
- Evidence:
SKILL.mdspecifies runningnode screenshot.jsto process generated HTML andnpx gooseworksto interact with the central style catalog.
Audit Metadata