targeted-prospecting

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill reads API credentials from a local file located at ~/.gooseworks/credentials.json to authenticate requests.
  • [COMMAND_EXECUTION]: Shell commands are utilized for setup and data retrieval:
  • Executes python3 -c to extract keys and configuration values from local JSON files into environment variables.
  • Executes curl to interact with various lead generation and web scraping API proxies.
  • [EXTERNAL_DOWNLOADS]: The skill connects to multiple external API services, including api.gooseworks.ai, Apollo, Fiber, Nyne, Hunter, Tomba, Sixtyfour, and Tavily to fetch company and contact data.
  • [DATA_EXFILTRATION]: Local API keys are read from the file system and transmitted as authorization headers to the api.gooseworks.ai endpoint during normal operation.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its web scraping workflows:
  • Ingestion points: It uses Scrapegraph to ingest data from user-provided company domains, job boards, and discovered leadership pages.
  • Boundary markers: The prompts provided to the scrapers (e.g., "What does this company sell?", "Extract all company names...") do not include delimiters or instructions to ignore potential commands embedded in the scraped content.
  • Capability inventory: The skill has access to network operations (curl) and file reads which could be targeted if the model obeys malicious instructions found on scraped pages.
  • Sanitization: No validation or sanitization is performed on the scraped HTML/text before it is processed by the model for entity extraction.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — targeted-prospecting