goose-graphics

Warn

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to fetch and execute packages from the npm registry that are not part of the recognized trusted organizations list.
  • Evidence: Instructions in SKILL.md and README.md command the agent to run npx goose-skills install goose-graphics and npx gooseworks styles get <slug>.
  • The package gooseworks and goose-skills are central to the skill's library discovery and installation process.
  • [REMOTE_CODE_EXECUTION]: Dynamic installation and execution of browser binaries via Playwright.
  • Evidence: The skill pack includes scripts (screenshot.js, fetch-tweet.js) that execute npx playwright install chromium to download and run browser binaries at runtime for capturing screenshots and scraping data.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to the ingestion and processing of untrusted data from external social media platforms.
  • Ingestion points: The fetch-tweet.js and fetch-full-tweet.js scripts scrape raw text content from status pages on x.com.
  • Boundary markers: The instructions in SKILL.md for the HTML generation phase do not specify any delimiters or warnings to ignore embedded instructions in the scraped content.
  • Capability inventory: The skill has extensive capabilities, including shell command execution (npx, node), file writing, and network operations across several scripts.
  • Sanitization: There is no evidence of sanitization or escaping of the scraped tweet text before it is interpolated into the HTML generation prompt.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch metadata and assets from external services.
  • Evidence: The sources/unsplash.md file describes a workflow for searching api.unsplash.com using the UNSPLASH_ACCESS_KEY environment variable. The fetch-tweet.js script fetches data from cdn.syndication.twimg.com and x.com. These are well-known services.
  • [COMMAND_EXECUTION]: The agent is instructed to execute local scripts and CLI tools to perform its tasks.
  • Evidence: SKILL.md specifies running node screenshot.js to process generated HTML and npx gooseworks to interact with the central style catalog.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — goose-graphics