web-search-valyu
Warn
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to read and parse
~/.gooseworks/credentials.jsonto extract API keys. This involves accessing sensitive configuration files within the user's home directory to manage authentication tokens. - [COMMAND_EXECUTION]: The setup and discovery sections rely on executing shell commands using
python3 -cto parse JSON files and extract environment variables, which is a form of local command execution. - [EXTERNAL_DOWNLOADS]: The skill recommends using
npxto run thegooseworksandgoose-skillsCLI tools for login and installation. This pattern involves downloading and executing remote code from a public package registry. - [PROMPT_INJECTION]: The skill presents a significant indirect prompt injection surface due to the combination of processing untrusted web content and providing powerful remote capabilities.
- Ingestion points: The
Create Task,Contents, andAnswerendpoints ingest data from external URLs, search queries, and uploaded files (PDFs, images, documents). - Boundary markers: There are no instructions or delimiters provided to the agent to treat retrieved web content as untrusted or to ignore instructions embedded within that data.
- Capability inventory: The
Create Taskendpoint allows forcode_execution, the configuration ofmcp_servers(Model Context Protocol servers for tool access), and the generation of various file types asdeliverables(CSV, Excel, Word, etc.). - Sanitization: The skill does not mention any sanitization or validation of the content retrieved from external sources before it is processed by the agent or the research task.
Audit Metadata