Skills
skills/gooseworks-ai/goose-skills/data-charts-tako/Gen Agent Trust Hub

data-charts-tako

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions involve reading an API key from a local configuration file at ~/.gooseworks/credentials.json to authenticate with the vendor's service. This is a standard practice for managing credentials for this type of tool.
  • [COMMAND_EXECUTION]: The skill uses curl to make network requests to api.gooseworks.ai for data retrieval and chart generation. It also suggests using python3 locally to export configuration values from the credentials file.
  • [EXTERNAL_DOWNLOADS]: The documentation mentions npx gooseworks login for user authentication, which refers to an external tool provided by the vendor.
  • [PROMPT_INJECTION]: The skill accepts natural language queries and CSV data from users. While this provides a surface for indirect prompt injection, the impact is confined to the data visualization service's outputs (charts and insights), and no risky capabilities such as arbitrary code execution are exposed to this untrusted data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 01:06 PM