prediction-market-odds
Fail
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: HIGHDATA_EXFILTRATIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to read the sensitive file
~/.gooseworks/credentials.jsonfrom the user's home directory. - [CREDENTIALS_UNSAFE]: The extracted
api_keyis transmitted as a Bearer token in the Authorization header of network requests made toapi.gooseworks.aiandapi.orth.sh. - [COMMAND_EXECUTION]: Uses
python3 -cto execute inline Python code that reads and parses local JSON files to set environment variables. - [COMMAND_EXECUTION]: Instructs the agent to execute
curlcommands which include sensitive API keys in the request headers. - [EXTERNAL_DOWNLOADS]: Recommends the use of
npx gooseworks login, which downloads and executes code from an external, unverified package registry at runtime.
Recommendations
- AI detected serious security threats
Audit Metadata