skill-creator
Warn
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill provides instructions to programmatically read sensitive information from
~/.gooseworks/credentials.json. Although this is intended for setting up environment variables (GOOSEWORKS_API_KEY), accessing local credential files is a high-risk pattern that exposes secrets to the shell environment. - [COMMAND_EXECUTION]: The skill executes inline Python scripts (
python3 -c) and shell commands to manipulate environment variables and interface with theorthCLI tool. - [EXTERNAL_DOWNLOADS]: The skill utilizes
npx gooseworks login, which involves fetching and executing code from the npm registry at runtime. It also references an external API endpoint (https://api.gooseworks.ai).
Audit Metadata