gtm-enrichment-smart
Warn
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to read sensitive API keys from a local file located at
~/.gooseworks/credentials.json. - [COMMAND_EXECUTION]: Uses
python3 -cto programmatically extract data from local files and set environment variables, providing a shell execution surface. - [REMOTE_CODE_EXECUTION]: Instructs the user to run
npx gooseworks login, which downloads and executes code from the NPM registry at runtime. - [DATA_EXFILTRATION]: Transmits user-supplied lead data (emails and names) to the external domain
api.gooseworks.aifor enrichment, which is the stated purpose of the skill but involves sending potentially sensitive PII to a third party. - [EXTERNAL_DOWNLOADS]: Performs outbound network requests to
api.gooseworks.aiandapi.github.comto fetch enrichment data and social proof signals. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because user-provided inputs (
emailandname) are interpolated into shell commands (curl) and JSON payloads without sanitization or boundary markers. - Ingestion points:
emailandnameparameters inSKILL.md. - Boundary markers: Absent.
- Capability inventory: Shell command execution via
curlandpython3inSKILL.md. - Sanitization: No validation or escaping is applied to user data before it is included in command strings.
Audit Metadata