Skills
skills/browser-act/skills/google-maps-reviews-api-skill/Gen Agent Trust Hub

google-maps-reviews-api-skill

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The Python script scripts/google_maps_reviews_api.py makes network requests to api.browseract.com to trigger and poll for review extraction tasks. This domain is associated with the skill's author/vendor.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection attack surface. 1. Ingestion points: External review data (author name, text, etc.) is fetched from Google Maps via the API and printed to the console. 2. Boundary markers: The script does not wrap the output in delimiters or provide warnings to the agent to ignore instructions embedded in the review text. 3. Capability inventory: The skill has the capability to execute Python scripts and perform network operations. 4. Sanitization: The retrieved data is processed and displayed without any filtering or sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 07:59 AM