jlm-coffee
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches its database from a public Google Doc export URL (
https://docs.google.com/document/d/1BfsXKQLbKjogfSebRr0Ixt4L4VJHqPqTfnWxkosvcuM/export?format=txt). This targets a well-known service and is used for fetching informational data. - [COMMAND_EXECUTION]: The skill provides a CLI interface via
scripts/jlm-coffee.pyfor the agent to list, search, and filter coffee shops. It also includes a bash wrapper for easier access. - [DATA_EXFILTRATION]: The script implements a local caching mechanism in the system's temporary directory (
/tmp/jlm-coffee/shops.json) to minimize network requests. This is a standard performance optimization and does not involve sensitive user data.
Audit Metadata