gtm-enrichment-deep
Warn
Audited by Socket on Jul 2, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the core enrichment behavior matches the stated purpose, but the skill reads a raw local credential file and routes all vendor requests through a Gooseworks proxy rather than official Sixtyfour/Apollo endpoints. This is not fundamentally incompatible with the skill's purpose, yet it meaningfully expands trust and data-flow exposure, so the main concern is intermediary credential/data handling rather than overt malware.
Confidence: 100%Severity: 60%
Audit Metadata