lead-enrichment
Fail
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly reads from
~/.gooseworks/credentials.jsonto extract sensitive API keys into environment variables, which can lead to the exposure of credentials to the agent's environment. - [COMMAND_EXECUTION]: The skill uses
curlto make network requests andpython3 -cto parse JSON files via the shell, involving the execution of subprocesses that may be influenced by data handled by the skill. - [EXTERNAL_DOWNLOADS]: The skill references
npx gooseworksandnpx goose-skills, which triggers the download and execution of packages from the public npm registry at runtime, presenting a potential supply chain risk. - [PROMPT_INJECTION]: The skill defines a workflow that ingests external lead data (name, company, domain, LinkedIn URLs) into API requests, creating a surface for indirect prompt injection where untrusted data could influence agent behavior.
- Ingestion points: Lead data variables such as
NAME,COMPANY,DOMAIN, andlead_infoinSKILL.md. - Boundary markers: None present to distinguish instructions from untrusted external data.
- Capability inventory: Uses
curlfor network requests andpython3for command-line JSON processing. - Sanitization: No evidence of validation, escaping, or filtering of the processed lead information.
Recommendations
- AI detected serious security threats
Audit Metadata