website-screenshot-notte

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions include Python one-liners designed to read sensitive API keys directly from a local configuration file at ~/.gooseworks/credentials.json.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution, specifically curl for API interactions and python3 for parsing JSON configuration data.
  • [DATA_EXFILTRATION]: Authentication tokens and browser navigation commands are transmitted to an external endpoint (api.gooseworks.ai).
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of external software from the NPM registry via npm install -g @orth/cli and npx gooseworks login.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external, untrusted URLs:
  • Ingestion points: External webpage content is ingested when the browser navigates to a user-provided URL in Step 2.
  • Boundary markers: None. The skill does not provide instructions to the agent to ignore potentially malicious content embedded in the target webpage.
  • Capability inventory: The skill possesses network access (curl) and local file read capabilities (credentials.json).
  • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the external website before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — website-screenshot-notte