phone-verification
Fail
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions facilitate the reading of sensitive credentials from
~/.gooseworks/credentials.json. The extractedapi_keyis then included in theAuthorizationheader of network requests to an external API endpoint (api.gooseworks.ai). - [COMMAND_EXECUTION]: Setup procedures involve executing inline Python scripts (
python3 -c) to parse JSON configuration files and export environment variables directly from the shell. - [EXTERNAL_DOWNLOADS]: The skill makes network calls to
api.gooseworks.aito proxy requests to the Didit service. This domain is not identified as a well-known or trusted service in the provided context. - [COMMAND_EXECUTION]: The skill references the execution of
npx gooseworks loginandnpx goose-skills install, which involve fetching and running external code from the npm registry. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted user data and interpolates it into shell-based network commands without explicit sanitization.
- Ingestion points:
phone_numberandcodeparameters provided by the user (interpolated in SKILL.md). - Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the user input.
- Capability inventory: Performs network operations via
curland local file reads via shell/Python commands. - Sanitization: Absent; the inputs are directly embedded into the request body of shell commands.
Recommendations
- AI detected serious security threats
Audit Metadata