baidu-map-webapi
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from users, such as location names, addresses, and POI keywords (documented in
recipes/address_to_poi.mdandrecipes/nearby_poi_search.md). This data is interpolated into parameters for external API requests to Baidu Maps services. The skill lacks instructions for the agent to sanitize these inputs or use strict boundary markers, creating a surface for indirect prompt injection where malicious payloads in place names could attempt to influence the agent's behavior. - [NO_CODE]: The skill consists entirely of Markdown documentation, recipes, and API references. It does not contain any executable scripts (Python, JavaScript, etc.) or configuration files that would perform operations outside of the agent's standard tool-calling capabilities.
Audit Metadata