lead-enrichment-sixtyfour
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to read sensitive authentication data from a local file path at
~/.gooseworks/credentials.json. - [COMMAND_EXECUTION]: The skill uses
python3shell commands to parse configuration files andcurlto execute network operations. - [EXTERNAL_DOWNLOADS]: The documentation references
npx gooseworks login, which initiates the download of thegooseworkspackage from the npm registry. - [REMOTE_CODE_EXECUTION]: Running
npx gooseworks loginexecutes external code from a public package registry on the user's system. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface through the ingestion of lead and company data.
- Ingestion points: Untrusted data enters via the
lead,lead_info,target_company, andresearch_planparameters defined inSKILL.md. - Boundary markers: None; external data is interpolated into JSON payloads without delimitation or instructions to ignore embedded commands.
- Capability inventory: The skill uses
curlto transmit data to external API endpoints. - Sanitization: No input validation or sanitization routines are identified for the processed data fields.
Audit Metadata