local-pois
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation describes network operations to "api.search.brave.com". While this is a legitimate search provider, it is not within the predefined list of Trusted External Sources.
- [DATA_EXFILTRATION] (LOW): The skill transmits sensitive user information, specifically latitude and longitude coordinates ("X-Loc-Lat", "X-Loc-Long"), to a third-party API. This is inherent to the local search functionality but represents a data exposure risk.
- [CREDENTIALS_UNSAFE] (INFO): Authentication is handled via an environment variable ("BRAVE_SEARCH_API_KEY"), which follows security best practices by avoiding hardcoded secrets.
- [INDIRECT_PROMPT_INJECTION] (INFO): The skill processes data from an external search engine (Brave). Since the skill is primarily used for information retrieval and display without write or execution capabilities, the risk tier is minimal. The injection surface is limited to data display.
Audit Metadata