angular-google-maps
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill references standard dependencies from trusted registries.
- Evidence: Installation of
@angular/google-maps,@types/google.maps, and@googlemaps/markerclusterervia npm. - [TRUST-SCOPE-RULE]: These packages belong to official Angular or Google namespaces and are downgraded to LOW.
- [DATA_EXPOSURE] (LOW): The skill includes an example of embedding an API key in an HTML script tag.
- Evidence:
<script src="https://maps.googleapis.com/maps/api/js?key=YOUR_API_KEY"></script>in index.html. - Context: The skill explicitly warns users to restrict API keys by domain/IP and to use environment configurations instead of hardcoding.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external data (addresses for geocoding, marker descriptions for info windows).
- Ingestion points:
geocodeAddress(address: string)andMapWithInfoComponenttemplates. - Capability inventory: Display only via Google Maps API and Angular templates.
- Sanitization: Relies on Angular's default template sanitization, which is a standard security control for frontend components.
- Verdict: LOW as it is a display-only surface with no privileged execution or side effects.
Audit Metadata