lead-enrichment-sixtyfour

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to read sensitive authentication data from a local file path at ~/.gooseworks/credentials.json.
  • [COMMAND_EXECUTION]: The skill uses python3 shell commands to parse configuration files and curl to execute network operations.
  • [EXTERNAL_DOWNLOADS]: The documentation references npx gooseworks login, which initiates the download of the gooseworks package from the npm registry.
  • [REMOTE_CODE_EXECUTION]: Running npx gooseworks login executes external code from a public package registry on the user's system.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface through the ingestion of lead and company data.
  • Ingestion points: Untrusted data enters via the lead, lead_info, target_company, and research_plan parameters defined in SKILL.md.
  • Boundary markers: None; external data is interpolated into JSON payloads without delimitation or instructions to ignore embedded commands.
  • Capability inventory: The skill uses curl to transmit data to external API endpoints.
  • Sanitization: No input validation or sanitization routines are identified for the processed data fields.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — lead-enrichment-sixtyfour