send-sms-textbelt
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
python3to extract authentication credentials and configuration from a local file (~/.gooseworks/credentials.json). - [COMMAND_EXECUTION]: It employs
curlto make POST requests to the platform's API atapi.gooseworks.aito process the SMS sending request and check delivery status. - [EXTERNAL_DOWNLOADS]: The documentation instructs the user to use
npxfor installation (goose-skills) and authentication (gooseworks), which involves fetching and executing code from the npm registry. - [DATA_EXFILTRATION]: User-provided phone numbers and message content are transmitted to the external domain
api.gooseworks.ai. This is the primary intended function of the skill for sending SMS and is not considered a security violation.
Audit Metadata