phone-verification

Fail

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions facilitate the reading of sensitive credentials from ~/.gooseworks/credentials.json. The extracted api_key is then included in the Authorization header of network requests to an external API endpoint (api.gooseworks.ai).
  • [COMMAND_EXECUTION]: Setup procedures involve executing inline Python scripts (python3 -c) to parse JSON configuration files and export environment variables directly from the shell.
  • [EXTERNAL_DOWNLOADS]: The skill makes network calls to api.gooseworks.ai to proxy requests to the Didit service. This domain is not identified as a well-known or trusted service in the provided context.
  • [COMMAND_EXECUTION]: The skill references the execution of npx gooseworks login and npx goose-skills install, which involve fetching and running external code from the npm registry.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted user data and interpolates it into shell-based network commands without explicit sanitization.
  • Ingestion points: phone_number and code parameters provided by the user (interpolated in SKILL.md).
  • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the user input.
  • Capability inventory: Performs network operations via curl and local file reads via shell/Python commands.
  • Sanitization: Absent; the inputs are directly embedded into the request body of shell commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — phone-verification