Skills
skills/gosom/google-maps-scraper/google-maps-scraper/Gen Agent Trust Hub

google-maps-scraper

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the docker run command to initiate the scraping process. It includes specific operational flags such as -exit-on-inactivity 3m to ensure the container stops automatically after the task is finished.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the gosom/google-maps-scraper image from Docker Hub, which is the core component provided by the author to enable the functionality described.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to the processing of web-scraped content.
  • Ingestion points: The agent reads scraped data from business listings (including reviews and descriptions) stored in temporary files like /tmp/gmaps_queries.txt and result files in the /tmp/ directory.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore instructions' warnings when the agent reads and analyzes the resulting CSV or JSON data.
  • Capability inventory: The skill is authorized to use Bash (for docker, touch, wc, and mkdir), Read, and Write tools.
  • Sanitization: There is no explicit sanitization step described for the data retrieved from Google Maps before it is analyzed or displayed to the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 02:29 PM