goplaces
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installs a binary dependency via a third-party Homebrew tap (steipete/tap/goplaces). Since this repository is not managed by a trusted organization, it is considered an unverifiable dependency.
- COMMAND_EXECUTION (LOW): The skill executes the goplaces command-line tool to perform searches and retrieve place details.
- CREDENTIALS_UNSAFE (SAFE): The skill requires a GOOGLE_PLACES_API_KEY but correctly uses environment variables rather than hardcoded secrets.
- INDIRECT_PROMPT_INJECTION (LOW): The tool fetches external content like place reviews which could contain malicious instructions.
- Ingestion points: goplaces details <place_id> --reviews.
- Boundary markers: None present in instructions.
- Capability inventory: CLI execution for data retrieval.
- Sanitization: None specified in the skill definition.
Audit Metadata