goplaces
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
goplacesCLI to perform place searches and retrieve details. - [EXTERNAL_DOWNLOADS]: The skill recommends installing the
goplacesbinary from a third-party Homebrew tap (steipete/tap/goplaces). - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing external data (e.g., place reviews) from the Google Places API. 1. Ingestion points: Data enters via CLI search and details output. 2. Boundary markers: None identified in the instructions. 3. Capability inventory: Command execution of the
goplacesbinary. 4. Sanitization: No explicit sanitization of API responses is mentioned.
Audit Metadata