prediction-market-odds

Fail

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: HIGHDATA_EXFILTRATIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to read the sensitive file ~/.gooseworks/credentials.json from the user's home directory.
  • [CREDENTIALS_UNSAFE]: The extracted api_key is transmitted as a Bearer token in the Authorization header of network requests made to api.gooseworks.ai and api.orth.sh.
  • [COMMAND_EXECUTION]: Uses python3 -c to execute inline Python code that reads and parses local JSON files to set environment variables.
  • [COMMAND_EXECUTION]: Instructs the agent to execute curl commands which include sensitive API keys in the request headers.
  • [EXTERNAL_DOWNLOADS]: Recommends the use of npx gooseworks login, which downloads and executes code from an external, unverified package registry at runtime.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — prediction-market-odds