social-listening
Warn
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to read sensitive API credentials from the local filesystem at
~/.gooseworks/credentials.jsonusing shell commands (python3 -c). These credentials are then stored in environment variables and used for subsequent network requests. - [EXTERNAL_DOWNLOADS]: The setup instructions include the command
npx gooseworks login, which downloads and executes code from the npm registry at runtime. - [COMMAND_EXECUTION]: The skill makes extensive use of
curlto interact with external API endpoints atapi.gooseworks.aito perform searches and scraping operations. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from various external sources:
- Ingestion points: Data is fetched from the public web via Exa, and from social media platforms (X/Twitter, LinkedIn) via Scrape Creators and Scrapegraph.
- Boundary markers: The instructions do not define any delimiters or provide guidance to the agent to ignore or isolate potentially malicious instructions embedded in the scraped web content.
- Capability inventory: The agent has the capability to execute shell commands (
curl,python3) and perform network operations. - Sanitization: There is no evidence of sanitization, filtering, or validation performed on the external data before it is processed by the agent.
Audit Metadata