market-research
Fail
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is instructed to read sensitive credentials from a local file at
~/.gooseworks/credentials.json. It specifically extracts an API key using shell commands. - [DATA_EXFILTRATION]: Extracted credentials and user-provided research queries are transmitted to external endpoints including
api.gooseworks.aiand proxied services like Apollo and Fiber. - [COMMAND_EXECUTION]: The skill uses
python3 -cto execute inline Python scripts for parsing credential files andcurlto perform network operations. It also invokesnpxfor login and installation procedures. - [EXTERNAL_DOWNLOADS]: The skill relies on external packages (
gooseworks,goose-skills) downloaded and executed from the npm registry at runtime. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests untrusted data from external market research APIs.
- Ingestion points: API responses from company search, people search, and natural language search endpoints in
SKILL.md. - Boundary markers: None are present to distinguish between instructions and research data.
- Capability inventory: The agent can execute shell commands (
curl,python3) and read files in the home directory. - Sanitization: No sanitization or validation of the ingested API data is performed before processing.
Recommendations
- AI detected serious security threats
Audit Metadata