skill-creator

Warn

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides instructions to programmatically read sensitive information from ~/.gooseworks/credentials.json. Although this is intended for setting up environment variables (GOOSEWORKS_API_KEY), accessing local credential files is a high-risk pattern that exposes secrets to the shell environment.
  • [COMMAND_EXECUTION]: The skill executes inline Python scripts (python3 -c) and shell commands to manipulate environment variables and interface with the orth CLI tool.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx gooseworks login, which involves fetching and executing code from the npm registry at runtime. It also references an external API endpoint (https://api.gooseworks.ai).
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — skill-creator