rental-prices
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary functionality is to query an embedded dataset of Sydney rental prices. No malicious patterns such as credential theft, data exfiltration, or obfuscation were found.
- [DYNAMIC_CONTEXT_INJECTION]: The skill uses the
!command`` syntax inSKILL.mdto check if theuvpackage manager is installed (command -v uv). This is a benign environmental check used for status reporting at load time. - [EXTERNAL_DOWNLOADS]: The Python script (
scripts/rental_prices.py) performs network requests to well-known geolocation services, including Nominatim (OpenStreetMap) and ip-api.com. These requests are used solely to resolve suburb names to coordinates or detect the user's general location for the "nearby suburbs" feature. - [COMMAND_EXECUTION]: The skill uses the
Bashtool but restricts its usage in the YAML frontmatter touv run *. This configuration follows the principle of least privilege by limiting command execution to the provided Python script and its dependencies. - [DATA_EXPOSURE_AND_EXFILTRATION]: No sensitive local files are accessed. The script maintains a local cache in
~/.config/rental-pricesfor performance, which is a standard and safe practice.
Audit Metadata