gowid-expense
Fail
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The Python script scripts/gowid.py contains a hardcoded API key (_DEFAULT_KEY = "2a33cb19-f808-45a0-9e16-466a896e278a"). This credential is used to authenticate requests to the Gowid API. Hardcoding secrets in source files is a significant risk as it exposes the key to any user or system that can read the skill files.
- [COMMAND_EXECUTION]: The skill utilizes the subprocess module in scripts/gowid.py to execute system commands (git config user.email) to identify the local user. Additionally, the instructions in SKILL.md suggest the agent should execute the GitHub CLI (gh issue create) to submit feedback, involving interaction with external system tools.
- [DATA_EXFILTRATION]: The skill extracts the user's email address from the local environment and transmits it to an external domain (openapi.gowid.com) to match records and retrieve private expense data. While this is the intended functionality of the expense management skill, it involves the outbound transmission of personally identifiable information.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from the external Gowid API (such as store names and purpose descriptions) and presents it to the agent. Because the agent has capabilities to execute shell commands and create GitHub issues, malicious data in the upstream system could potentially be used to influence the agent's actions.
Recommendations
- HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata