aeo-run
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to interact with the
goose-aeoCLI utility. It executesnpx goose-aeowith various flags (status,run,analyze,report) to perform its core functions. These commands are gated by user confirmation where costs are involved. - [EXTERNAL_DOWNLOADS]: The skill utilizes
npxto execute thegoose-aeopackage. This involves fetching the package from the npm registry if it is not already cached locally. The package is a known resource belonging to the skill author 'athina-ai'. - [DATA_EXPOSURE]: The skill accesses
.goose-aeo.ymlto verify the setup state. This file contains local configuration settings for the AEO analysis tool. - [INDIRECT_PROMPT_INJECTION]: The skill processes data returned from external AI search engines (ChatGPT, Perplexity, etc.) during the analysis phase. While this represents an untrusted data ingestion surface, the processing is performed by the dedicated
goose-aeotool to extract specific metrics like brand mentions and prominence.
Audit Metadata