amazon-location-service
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and downloads JavaScript SDKs and map assets from official and well-known sources.
- Fetches the Amazon Location Service bundled client and the MapLibre GL library from public CDNs (jsdelivr, unpkg).
- Retrieves map styles and descriptors directly from Amazon Location Service endpoints (
maps.geo.{region}.amazonaws.com). - [PROMPT_INJECTION]: The skill implements features that ingest untrusted user input, creating an indirect prompt injection surface.
- Ingestion points: User-provided address strings and search queries processed in
references/address-input.mdandreferences/places-search.md. - Boundary markers: Boundary markers are absent in the example code; user input is directly passed as parameters to API commands.
- Capability inventory: The skill facilitates network operations (AWS API calls) based on the processed data.
- Sanitization: No explicit sanitization or validation of the input strings is provided in the reference implementation examples.
Audit Metadata