social-listening

Warn

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to read sensitive API credentials from the local filesystem at ~/.gooseworks/credentials.json using shell commands (python3 -c). These credentials are then stored in environment variables and used for subsequent network requests.
  • [EXTERNAL_DOWNLOADS]: The setup instructions include the command npx gooseworks login, which downloads and executes code from the npm registry at runtime.
  • [COMMAND_EXECUTION]: The skill makes extensive use of curl to interact with external API endpoints at api.gooseworks.ai to perform searches and scraping operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from various external sources:
  • Ingestion points: Data is fetched from the public web via Exa, and from social media platforms (X/Twitter, LinkedIn) via Scrape Creators and Scrapegraph.
  • Boundary markers: The instructions do not define any delimiters or provide guidance to the agent to ignore or isolate potentially malicious instructions embedded in the scraped web content.
  • Capability inventory: The agent has the capability to execute shell commands (curl, python3) and perform network operations.
  • Sanitization: There is no evidence of sanitization, filtering, or validation performed on the external data before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — social-listening