investor-call-prep
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources and interpolates it into prompts without sanitization.
- Ingestion points: The skill reads investor names and descriptions from Google Calendar events and extracts content from various venture capital firm websites using the Scrapegraph API.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are present when external content is passed to tools like Perplexity.
- Capability inventory: The skill can execute shell commands via curl, read local configuration files, and write data to Google Sheets.
- Sanitization: There is no evidence of validation or escaping of external content before it is used to influence the research process.
- [DATA_EXFILTRATION]: The skill reads Google Calendar data and sends extracted information to external research APIs (Apollo, Perplexity, Scrapegraph) and ultimately to Google Sheets. This behavior is transparently documented and necessary for the skill's primary purpose.
- [COMMAND_EXECUTION]: The skill uses curl to interact with the vendor's API proxy and python3 for basic parsing of its own credential file (~/.gooseworks/credentials.json). These operations are standard for the tool's execution environment.
Audit Metadata