aeo
Warn
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill frequently invokes `npx goose-aeo@latest`, which downloads and executes the latest version of an external package from the NPM registry at runtime. This introduces risks associated with remote code execution and supply chain integrity.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to manage its lifecycle, including `npx` for tool execution, `node -e` for environment variable validation, and `echo` for writing configuration and secrets to disk.
- [CREDENTIALS_UNSAFE]: The skill prompts the user to provide several high-value API keys (OpenAI, Perplexity, Gemini, Grok, Claude, DeepSeek, Firecrawl) and instructs the agent to store these secrets in a local `.env` file.
- [EXTERNAL_DOWNLOADS]: Fetches and installs the `goose-aeo` package from an external repository during the setup and analysis phases.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It scrapes external website content during the 'Website Audit' phase and processes this untrusted data to generate scores and recommendations.
  - Ingestion points: Scrapes website pages via the `audit` command.
  - Boundary markers: None explicitly defined for the scraped content.
  - Capability inventory: Executes shell commands and writes to the file system.
  - Sanitization: No evidence of sanitization or filtering of the scraped content before processing.
Audit Metadata