gmaps-leads
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection. The script 'scripts/extract_website_contacts.py' retrieves content from arbitrary business websites and incorporates it into a prompt for Claude without sanitization or strict boundary markers. An attacker could place malicious instructions on their website to influence the agent's behavior or extraction logic.
  - Ingestion points: External business website content is fetched in 'scripts/extract_website_contacts.py'.
  - Boundary markers: The prompt used in 'extract_contacts_with_claude' does not use robust delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has network access, local file system write access ('.tmp/'), and Google Sheets write access.
  - Sanitization: Content is converted to markdown, but no semantic filtering or sanitization of instructions is applied.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to gather data. 'scripts/extract_website_contacts.py' fetches data from business websites and uses DuckDuckGo for search-based enrichment. It also interfaces with Apify's API to crawl Google Places.
- [CREDENTIALS_UNSAFE]: The skill manages sensitive service credentials.
  - Requires 'APIFY_API_TOKEN' and 'ANTHROPIC_API_KEY' via environment variables.
  - Handles Google OAuth 2.0 and Service Account credentials stored in 'credentials.json', 'service_account.json', and 'token.json'.
Audit Metadata