Skills
skills/besoeasy/open-skills/free-geocoding-and-maps/Gen Agent Trust Hub

free-geocoding-and-maps

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Provides shell commands and scripts utilizing curl, jq, and bc for retrieving and processing geographic data.
  • [EXTERNAL_DOWNLOADS]: Fetches data from the official OpenStreetMap Nominatim API (nominatim.openstreetmap.org), which is recognized as a well-known service.
  • [PROMPT_INJECTION]: The skill ingests untrusted user data in the form of addresses, presenting a potential surface for indirect prompt injection.
  • Ingestion points: User-provided address strings processed in geocode_address, batch_geocode, and geocodeWithValidation functions within SKILL.md.
  • Boundary markers: The agent prompt lacks explicit delimiters or instructions to ignore embedded commands within user-supplied addresses.
  • Capability inventory: The skill possesses the ability to perform network operations (curl, fetch) and local data processing.
  • Sanitization: Employs standard URL encoding for API parameters, which provides basic structural protection for the resulting HTTP requests.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 04:36 AM