find-twitter-influencers

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses python3 locally to parse its configuration file (~/.gooseworks/credentials.json) and curl to interact with its API proxy.
  • [EXTERNAL_DOWNLOADS]: It communicates with several third-party services (Exa, Brand.dev, Fiber, ScrapeCreators, etc.) via the authorized domain api.gooseworks.ai.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from Twitter bios, tweets, and web search results, which is a common surface for indirect prompt injection (Category 8).
      • Ingestion points: Social media profile data and search snippets are processed in SKILL.md.
      • Boundary markers: No explicit instructions are provided to the agent to treat this data as untrusted.
      • Capability inventory: The skill has network capabilities through the curl tool.
      • Sanitization: There is no documented logic for sanitizing or escaping the content retrieved from external APIs.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 12:10 PM