verify-email

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-controlled email addresses directly into shell commands without explicit sanitization or defensive boundary markers.
  • Ingestion points: The email parameter, sourced from user input, is used directly in curl commands within SKILL.md.
  • Boundary markers: The instructions lack delimiters or explicit warnings to the agent to treat the user input as untrusted content.
  • Capability inventory: The skill has the capability to execute shell commands (curl, python3) and perform network operations.
  • Sanitization: No sanitization or shell-escaping logic is implemented to protect against malicious input in the email field.
  • [DATA_EXFILTRATION]: The skill instructions direct the agent to access a sensitive credentials file on the local filesystem to retrieve API keys.
  • Evidence: The agent is instructed to execute a python3 command to read ~/.gooseworks/credentials.json and extract the api_key.
  • Context: While this access is functional and used for authenticating with the primary service, it involves the programmatic extraction of secrets from the user's home directory.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution for its primary configuration and operational tasks.
  • Evidence: The skill examples demonstrate the use of curl for API requests and python3 for parsing JSON configuration data.
  • Context: These commands are used to implement the intended functionality of email verification and credential management.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — verify-email