gtm-enrichment-deep

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to read sensitive credentials from ~/.gooseworks/credentials.json using a Python one-liner to set environment variables. This is a sensitive file access pattern.
  • [COMMAND_EXECUTION]: The workflow relies on executing shell commands, specifically curl for API interactions and python3 -c for parsing local configuration files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (specifically JSON schema confusion) because user-provided inputs like email and name are interpolated directly into the JSON body of curl requests without explicit sanitization or boundary markers.
  • Ingestion points: The email and name arguments are provided by the user and processed in Steps 2, 3, and 4 in SKILL.md.
  • Boundary markers: None present; values are directly inserted into JSON templates.
  • Capability inventory: The skill uses curl to send data to external endpoints and python3 for local file processing.
  • Sanitization: No evidence of input validation or escaping before interpolation.
  • [EXTERNAL_DOWNLOADS]: The setup instructions recommend running npx gooseworks login, which involves fetching and executing a package from the npm registry.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — gtm-enrichment-deep