investor-research

Fail

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to read sensitive authentication data and API keys from the local file ~/.gooseworks/credentials.json.
  • [COMMAND_EXECUTION]: Uses python3 command-line execution to parse JSON configuration files and curl for all network communications.
  • [DATA_EXFILTRATION]: Credentials extracted from the local filesystem are transmitted to the external domain api.gooseworks.ai within Authorization headers across multiple workflow steps.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to download and execute the gooseworks and goose-skills packages from the remote npm registry.
  • [PROMPT_INJECTION]: The skill ingests data from several external APIs including Fiber, Exa, and Sixtyfour, creating a surface for indirect prompt injection. Mandatory Evidence: Ingestion points found in SKILL.md (Steps 1-4), lack of boundary markers or 'ignore' instructions for the agent when processing these results, high capabilities including network access and shell command execution, and no sanitization of the external data before it enters the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — investor-research