job-search
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to manage its environment and perform data retrieval.
- It utilizes
python3 -cto parse and load API credentials from the local file system at~/.gooseworks/credentials.jsoninto environment variables. - It executes
curlcommands to interact with the Gooseworks API proxy (api.gooseworks.ai) to search for jobs, companies, and people. - [DATA_EXPOSURE]: The skill accesses a configuration file at
~/.gooseworks/credentials.jsonto retrieve theapi_keyandapi_base. This is a sensitive file path, but the access is consistent with the standard credential management for the Goose ecosystem tools referenced in the skill. - [EXTERNAL_DOWNLOADS]: The skill instructs the user to use
npxto rungooseworks loginandgoose-skills install, which downloads and executes packages from the npm registry to manage the skill environment.
Audit Metadata