send-sms-textbelt

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses python3 to extract authentication credentials and configuration from a local file (~/.gooseworks/credentials.json).
  • [COMMAND_EXECUTION]: It employs curl to make POST requests to the platform's API at api.gooseworks.ai to process the SMS sending request and check delivery status.
  • [EXTERNAL_DOWNLOADS]: The documentation instructs the user to use npx for installation (goose-skills) and authentication (gooseworks), which involves fetching and executing code from the npm registry.
  • [DATA_EXFILTRATION]: User-provided phone numbers and message content are transmitted to the external domain api.gooseworks.ai. This is the primary intended function of the skill for sending SMS and is not considered a security violation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — send-sms-textbelt