web-search-linkup

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill provides search and fetch capabilities using a documented API service.
  • [DATA_EXPOSURE]: The skill documentation describes how to read credentials from the platform's standard configuration file (~/.gooseworks/credentials.json). This is a documented setup procedure for the ecosystem and does not represent an exfiltration attempt.
  • [EXTERNAL_DOWNLOADS]: The skill references standard package runners (npx) for installation and authentication using toolsets associated with the platform (gooseworks, goose-skills).
  • [INDIRECT_PROMPT_INJECTION]: The skill provides the ability to ingest data from arbitrary external URLs via the /fetch endpoint.
  • Ingestion points: URL parameter for the /fetch endpoint in SKILL.md.
  • Boundary markers: Not present in the current prompt instructions.
  • Capability inventory: Uses curl to send data to the gooseworks.ai proxy API.
  • Sanitization: No explicit sanitization or filtering is defined in the instructions for content fetched from remote URLs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — web-search-linkup