gtm-enrichment-smart

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
      • Ingestion points: User-provided email and name are used in SKILL.md.
      • Boundary markers: Absent.
      • Capability inventory: Uses curl, python3, and jq in SKILL.md.
      • Sanitization: Absent. If the agent executes the curl templates with malicious inputs (e.g., email containing backticks or shell operators), it could result in command injection.
  • [COMMAND_EXECUTION]: The skill instructions require the execution of several shell commands, including curl for network requests, python3 for parsing JSON files, and jq for filtering data.
  • [CREDENTIALS_UNSAFE]: The skill accesses sensitive credentials at ~/.gooseworks/credentials.json. This is recognized as the standard configuration directory for tools provided by the author, gooseworks-ai.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 12:10 PM