gtm-enrichment-smart

Warn

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to read sensitive API keys from a local file located at ~/.gooseworks/credentials.json.
  • [COMMAND_EXECUTION]: Uses python3 -c to programmatically extract data from local files and set environment variables, providing a shell execution surface.
  • [REMOTE_CODE_EXECUTION]: Instructs the user to run npx gooseworks login, which downloads and executes code from the NPM registry at runtime.
  • [DATA_EXFILTRATION]: Transmits user-supplied lead data (emails and names) to the external domain api.gooseworks.ai for enrichment, which is the stated purpose of the skill but involves sending potentially sensitive PII to a third party.
  • [EXTERNAL_DOWNLOADS]: Performs outbound network requests to api.gooseworks.ai and api.github.com to fetch enrichment data and social proof signals.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because user-provided inputs (email and name) are interpolated into shell commands (curl) and JSON payloads without sanitization or boundary markers.
  • Ingestion points: email and name parameters in SKILL.md.
  • Boundary markers: Absent.
  • Capability inventory: Shell command execution via curl and python3 in SKILL.md.
  • Sanitization: No validation or escaping is applied to user data before it is included in command strings.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — gtm-enrichment-smart