Skills
skills/nikiandr/goose-skills/company-contact-finder/Gen Agent Trust Hub

company-contact-finder

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection during its lead generation process.
  • Ingestion points: User-provided company_name and target_titles in SKILL.md, along with profile data (names, titles, locations) returned from the mcp__gooseworks__crustdata_nl_search and mcp__gooseworks__sixtyfour_nl_search tools.
  • Boundary markers: The procedure lacks instructions for using delimiters (such as triple backticks) or protective framing when handling external or user-supplied strings.
  • Capability inventory: The agent is granted the ability to query and process data from the gooseworks MCP tools and output the results to the user.
  • Sanitization: There is no specified logic for sanitizing or validating user input or database results before they are incorporated into the agent's context.
  • [EXTERNAL_DOWNLOADS]: The skill's metadata specifies an installation process using npx goose-skills, which involves fetching the skill package from an external registry at runtime.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:17 PM