email-campaign

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by integrating data from external lead generation and enrichment services.
      • Ingestion points: The skill retrieves data from hunter, fiber, sixtyfour, and brand-dev APIs via the proxy endpoint $GOOSEWORKS_API_BASE/v1/proxy/orthogonal/run as described in SKILL.md.
      • Boundary markers: Workflows do not implement delimiters or specific instructions to the agent to ignore or isolate instructions that might be embedded in the retrieved API data.
      • Capability inventory: The skill makes use of curl for network requests and python3 for parsing credential files.
      • Sanitization: There is no explicit sanitization or validation of the content returned by external APIs before it is processed by the agent.
  • [SAFE]: The skill accesses ~/.gooseworks/credentials.json to retrieve the api_key for the Gooseworks platform. This is a standard credential management practice for vendor-specific skills.
  • [SAFE]: Network operations are directed to api.gooseworks.ai, the official infrastructure of the skill author, for proxying requests to third-party services.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 01:06 PM