Skills
skills/gooseworks-ai/goose-skills/extract-webpage-data/Gen Agent Trust Hub

extract-webpage-data

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXPOSURE]: The skill reads API credentials from ~/.gooseworks/credentials.json. This is the standard mechanism for the skill to authenticate with its own backend services provided by the vendor.
  • [COMMAND_EXECUTION]: The skill uses python3 -c commands to parse the local JSON credential file and set environment variables. This is a common pattern for configuration management in shell environments.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from external web pages that are not under the user's control.
  • Ingestion points: Content retrieved from external URLs via Scrapegraph, Olostep, or Riveter APIs (SKILL.md).
  • Boundary markers: None identified. The instructions do not define delimiters or warnings for the agent to ignore instructions embedded within the scraped content.
  • Capability inventory: The skill uses curl for network operations to communicate with the extraction APIs (SKILL.md).
  • Sanitization: There is no evidence of sanitization or filtering of the extracted web content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 01:05 PM