team-linkedin-profiles
Fail
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to read sensitive API keys from the local filesystem at
~/.gooseworks/credentials.jsonusing a Python subprocess. Accessing credential files in the user's home directory is a high-risk operation that exposes secrets. - [COMMAND_EXECUTION]: The skill utilizes
python3 -cfor parsing local JSON andcurlfor interacting with external APIs. Executing shell commands to manage configuration or process data can lead to security vulnerabilities if the environment or inputs are manipulated. - [DATA_EXFILTRATION]: The skill transmits API keys and user-supplied search parameters (company and team names) to an external endpoint (
api.gooseworks.ai). While this is functional for the tool, the transmission of credentials and organizational data to a third-party service is a sensitive action. - [EXTERNAL_DOWNLOADS]: The workflow relies on fetching data from multiple external providers, including Exa, Hunter, Brand.dev, and Fiber, via a proxy service.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from multiple external search APIs without implementing boundary markers or sanitization. Maliciously crafted data within LinkedIn profiles or company descriptions could influence the agent's logic.
- Ingestion points: Data retrieved from Exa search results, Hunter domain searches, and Fiber profile fetches (SKILL.md).
- Boundary markers: None present; external strings are interpolated directly into the context.
- Capability inventory: Shell execution (
curl,python3) and broad network access. - Sanitization: There is no evidence of validation or sanitization for the data fetched from external providers.
Recommendations
- AI detected serious security threats
Audit Metadata