expansion-signal-spotter

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it fetches and processes data from external websites and job postings to generate scores and sales talk tracks.
      • Ingestion points: Uses web_search and fetch_webpage to monitor LinkedIn profiles, job boards, and news sites for growth signals.
      • Boundary markers: The skill lacks explicit delimiters or instructions to ignore commands that might be embedded in the retrieved web content.
      • Capability inventory: The agent possesses the capability to write reports to the local file system and generate high-stakes sales communication based on the input data.
      • Sanitization: No sanitization or filtering mechanisms are described for the external data before it is presented to the LLM for reasoning.
  • [DATA_EXFILTRATION]: The skill processes sensitive business and financial data, creating a risk surface for data exposure.
      • The skill is designed to ingest customer lists containing sensitive fields such as MRR/ARR, seat usage, and primary contact LinkedIn URLs.
      • While this data processing is central to the skill's primary function, the combination of sensitive data access and network-enabled tools (web_search) represents a potential exfiltration path if the agent is manipulated via prompt injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 06:03 PM