web-search-valyu

Warn

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to read and parse ~/.gooseworks/credentials.json to extract API keys. This involves accessing sensitive configuration files within the user's home directory to manage authentication tokens.
  • [COMMAND_EXECUTION]: The setup and discovery sections rely on executing shell commands using python3 -c to parse JSON files and extract environment variables, which is a form of local command execution.
  • [EXTERNAL_DOWNLOADS]: The skill recommends using npx to run the gooseworks and goose-skills CLI tools for login and installation. This pattern involves downloading and executing remote code from a public package registry.
  • [PROMPT_INJECTION]: The skill presents a significant indirect prompt injection surface due to the combination of processing untrusted web content and providing powerful remote capabilities.
  • Ingestion points: The Create Task, Contents, and Answer endpoints ingest data from external URLs, search queries, and uploaded files (PDFs, images, documents).
  • Boundary markers: There are no instructions or delimiters provided to the agent to treat retrieved web content as untrusted or to ignore instructions embedded within that data.
  • Capability inventory: The Create Task endpoint allows for code_execution, the configuration of mcp_servers (Model Context Protocol servers for tool access), and the generation of various file types as deliverables (CSV, Excel, Word, etc.).
  • Sanitization: The skill does not mention any sanitization or validation of the content retrieved from external sources before it is processed by the agent or the research task.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — web-search-valyu