rp-why
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [Data Exposure & Exfiltration] (MEDIUM): The skill documentation indicates it reads interaction history from the local Goose session directory (~/.local/share/goose/sessions/). These session logs contain full transcripts of AI interactions, which may include proprietary code, personal data, or hardcoded secrets. While this is the primary purpose of the skill, it creates a significant data exposure risk.
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill installation command points to a repository (github.com/block/agent-skills) that is not included in the pre-approved list of trusted organizations.
- [Indirect Prompt Injection] (LOW): Processing untrusted session logs provides a surface for indirect prompt injection. (1) Ingestion points: Local session files. (2) Boundary markers: Not identified. (3) Capability inventory: File system read access and prompt analysis. (4) Sanitization: None documented.
Audit Metadata