lead-enrichment

Fail

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly reads from ~/.gooseworks/credentials.json to extract sensitive API keys into environment variables, which can lead to the exposure of credentials to the agent's environment.
  • [COMMAND_EXECUTION]: The skill uses curl to make network requests and python3 -c to parse JSON files via the shell, involving the execution of subprocesses that may be influenced by data handled by the skill.
  • [EXTERNAL_DOWNLOADS]: The skill references npx gooseworks and npx goose-skills, which triggers the download and execution of packages from the public npm registry at runtime, presenting a potential supply chain risk.
  • [PROMPT_INJECTION]: The skill defines a workflow that ingests external lead data (name, company, domain, LinkedIn URLs) into API requests, creating a surface for indirect prompt injection where untrusted data could influence agent behavior.
  • Ingestion points: Lead data variables such as NAME, COMPANY, DOMAIN, and lead_info in SKILL.md.
  • Boundary markers: None present to distinguish instructions from untrusted external data.
  • Capability inventory: Uses curl for network requests and python3 for command-line JSON processing.
  • Sanitization: No evidence of validation, escaping, or filtering of the processed lead information.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — lead-enrichment