verify-email
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-controlled email addresses directly into shell commands without explicit sanitization or defensive boundary markers.
- Ingestion points: The
emailparameter, sourced from user input, is used directly incurlcommands withinSKILL.md. - Boundary markers: The instructions lack delimiters or explicit warnings to the agent to treat the user input as untrusted content.
- Capability inventory: The skill has the capability to execute shell commands (
curl,python3) and perform network operations. - Sanitization: No sanitization or shell-escaping logic is implemented to protect against malicious input in the email field.
- [DATA_EXFILTRATION]: The skill instructions direct the agent to access a sensitive credentials file on the local filesystem to retrieve API keys.
- Evidence: The agent is instructed to execute a
python3command to read~/.gooseworks/credentials.jsonand extract theapi_key. - Context: While this access is functional and used for authenticating with the primary service, it involves the programmatic extraction of secrets from the user's home directory.
- [COMMAND_EXECUTION]: The skill relies on shell command execution for its primary configuration and operational tasks.
- Evidence: The skill examples demonstrate the use of
curlfor API requests andpython3for parsing JSON configuration data. - Context: These commands are used to implement the intended functionality of email verification and credential management.
Audit Metadata