create-linkedin-content
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion of untrusted data from the user-provided brief and external configuration files.\n
- Ingestion points: Content from the
--briefargument and the~/.goose-skills/voice-guides/voice-linkedin.mdfile are interpolated into the agent's context for generation.\n - Boundary markers: The instructions lack explicit delimiters or markers to differentiate between instructions and the untrusted external content.\n
- Capability inventory: The agent has permissions to read local configuration files and write multiple markdown files to the local filesystem.\n
- Sanitization: The 'self-check' phase focuses on stylistic adherence and banned phrases rather than sanitizing for potential malicious instructions or prompt injection markers.\n- [DATA_EXFILTRATION]: The skill reads from application-specific configuration files in the user's home directory.\n
- Evidence: The skill logic resolves voice tuning parameters by reading
~/.goose-skills/config.jsonand associated markdown guides. This access aligns with the expected behavior of the gooseworks-ai platform and its local configuration storage pattern.
Audit Metadata