speed-cameras
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill runs a local Python script
scripts/speed_cameras.pyusing theuvtool to process camera data and handle location logic. - [EXTERNAL_DOWNLOADS]: The script communicates with well-known geolocation services, specifically
nominatim.openstreetmap.org(OpenStreetMap) andip-api.com, to resolve place names and coordinates. - [DATA_EXFILTRATION]: To function correctly, the skill sends the user's IP address or coordinates to established geocoding providers. This is a documented requirement for its location-based features.
- [PROMPT_INJECTION]: The skill processes data from external API responses and user-supplied arguments, creating a potential surface for indirect prompt injection.
- Ingestion points:
scripts/speed_cameras.py(Responses from Nominatim and ip-api.com APIs). - Boundary markers: Not present.
- Capability inventory: Network access via
httpxand local configuration caching in the user's home directory (~/.config/speed-cameras/). - Sanitization: The script outputs structured JSON, which helps ensure the data is correctly interpreted by the agent.
Audit Metadata