web-search-linkup
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill provides search and fetch capabilities using a documented API service.
- [DATA_EXPOSURE]: The skill documentation describes how to read credentials from the platform's standard configuration file (
~/.gooseworks/credentials.json). This is a documented setup procedure for the ecosystem and does not represent an exfiltration attempt. - [EXTERNAL_DOWNLOADS]: The skill references standard package runners (
npx) for installation and authentication using toolsets associated with the platform (gooseworks,goose-skills). - [INDIRECT_PROMPT_INJECTION]: The skill provides the ability to ingest data from arbitrary external URLs via the
/fetchendpoint. - Ingestion points: URL parameter for the
/fetchendpoint inSKILL.md. - Boundary markers: Not present in the current prompt instructions.
- Capability inventory: Uses
curlto send data to thegooseworks.aiproxy API. - Sanitization: No explicit sanitization or filtering is defined in the instructions for content fetched from remote URLs.
Audit Metadata