Skills
skills/gooseworks-ai/goose-skills/goose-graphics/Gen Agent Trust Hub

goose-graphics

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the Playwright library and its Chromium browser binary to function. These components are downloaded from official npm and Microsoft registries as part of the documented setup process.
  • [COMMAND_EXECUTION]: To initialize the screenshot tool, the skill instructs the agent to run npm install and npx playwright install chromium. These are standard administrative tasks for configuring the rendering environment.
  • [REMOTE_CODE_EXECUTION]: The skill is distributed and installed via the npx goose-skills utility. This installation method involves executing code fetched from a remote package registry, which is the intended mechanism for the Agent Skills ecosystem.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external sources, creating a potential surface for indirect prompt injection.
  • Ingestion points: screenshot/fetch-tweet.js fetches content from x.com and cdn.syndication.twimg.com to be rendered in social proof graphics.
  • Boundary markers: The HTML templates generated for graphics do not use specific delimiters for external content injection.
  • Capability inventory: screenshot/screenshot.js uses Playwright to render local HTML files, which could potentially execute scripts if the content is not properly escaped.
  • Sanitization: The ingestion script fetch-tweet.js uses the .innerText DOM property, which ensures that only the text content of the source is extracted, preventing the inclusion of malicious HTML or script tags from the source platform.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 09:49 AM