gooseworks-master

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill explicitly facilitates large-scale harvesting/enrichment of personal data (emails, profiles, commenters, engagers) and instructs users to download and execute scripts/files from a remote skill catalog—creating a clear supply-chain/remote-code-execution vector that could be used to exfiltrate data or install backdoors.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs scraping public sites (Twitter/X, Reddit, LinkedIn and arbitrary websites) and to fetch/run GooseWorks skills/scripts that ingest and parse user-generated, open-web content as part of the normal workflow, so that third-party content can materially influence parsing, decisions, and follow-up tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches runtime instructions and executable scripts from the GooseWorks API (e.g. https://api.gooseworks.ai/api/skills/catalog/ and related $GOOSEWORKS_API_BASE endpoints), and those returned "content", "scripts", and "files" are saved and run locally and directly control agent prompts and execution flow.