nextjs-google-maps
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a diagnostic shell script
scripts/validate-api-key.shthat utilizes standard commands such ascurlandgrepto verify the configuration and validity of the Google Maps API key stored in the project's environment files. - [DATA_EXFILTRATION]: The validation script
scripts/validate-api-key.shreads the API key from the local.env.localenvironment file and performs GET requests to official Google Maps Platform endpoints (maps.googleapis.com) for verification purposes. As the destination is a well-known service associated with the skill's primary purpose, this is documented neutrally. - [EXTERNAL_DOWNLOADS]: The documentation references several well-known and official libraries for installation via standard package managers, including
@react-google-maps/api,dompurify,use-debounce, and@types/google.maps. - [SAFE]: The skill demonstrates security best practices by instructing users on how to apply HTTP referrer restrictions to API keys and providing reusable code patterns for sanitizing external HTML content (instructions) returned by the Google Maps Directions API using
dompurifyto prevent cross-site scripting (XSS).
Audit Metadata