gtm-enrichment-deep
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to read sensitive credentials from
~/.gooseworks/credentials.jsonusing a Python one-liner to set environment variables. This is a sensitive file access pattern. - [COMMAND_EXECUTION]: The workflow relies on executing shell commands, specifically
curlfor API interactions andpython3 -cfor parsing local configuration files. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (specifically JSON schema confusion) because user-provided inputs like
emailandnameare interpolated directly into the JSON body ofcurlrequests without explicit sanitization or boundary markers. - Ingestion points: The
emailandnamearguments are provided by the user and processed in Steps 2, 3, and 4 inSKILL.md. - Boundary markers: None present; values are directly inserted into JSON templates.
- Capability inventory: The skill uses
curlto send data to external endpoints andpython3for local file processing. - Sanitization: No evidence of input validation or escaping before interpolation.
- [EXTERNAL_DOWNLOADS]: The setup instructions recommend running
npx gooseworks login, which involves fetching and executing a package from the npm registry.
Audit Metadata