event-signals

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script scripts/event_signals.py to automate the collection and processing of event data from various platforms.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from several external services including Sessionize, Confs.tech, Apify (proxied through the vendor domain api.gooseworks.ai), ListenNotes, and Devpost to gather speaker and event information.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection.
      • Ingestion points: Untrusted content is retrieved from conference websites and external APIs as defined in SKILL.md and scripts/event_signals.py.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the ingested external content as untrusted or to ignore embedded instructions.
      • Capability inventory: The skill environment allows access to powerful tools like Bash, WebFetch, and WebSearch which could be exploited if malicious instructions are present in the external data.
      • Sanitization: The scripts/event_signals.py file contains a clean_html function to sanitize data for CSV storage, but no semantic sanitization is applied to content before it is processed by the agent.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 10, 2026, 10:48 AM