website-screenshot-notte
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions include Python one-liners designed to read sensitive API keys directly from a local configuration file at
~/.gooseworks/credentials.json. - [COMMAND_EXECUTION]: The skill relies on shell command execution, specifically
curlfor API interactions andpython3for parsing JSON configuration data. - [DATA_EXFILTRATION]: Authentication tokens and browser navigation commands are transmitted to an external endpoint (
api.gooseworks.ai). - [EXTERNAL_DOWNLOADS]: The skill requires the installation of external software from the NPM registry via
npm install -g @orth/cliandnpx gooseworks login. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external, untrusted URLs:
- Ingestion points: External webpage content is ingested when the browser navigates to a user-provided URL in Step 2.
- Boundary markers: None. The skill does not provide instructions to the agent to ignore potentially malicious content embedded in the target webpage.
- Capability inventory: The skill possesses network access (
curl) and local file read capabilities (credentials.json). - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the external website before it is processed by the agent.
Audit Metadata