local-places
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a local API proxy. A review of the source code confirms it correctly implements the intended functionality without any hidden or malicious behaviors.
- [DATA_EXFILTRATION]: The skill communicates with official Google API endpoints (places.googleapis.com). Sensitive information, such as the Google Places API Key, is properly managed via environment variables and is not hardcoded or leaked.
- [PROMPT_INJECTION]: The skill processes data from the Google Places API which could serve as a surface for indirect prompt injection.
  1. Ingestion points: API responses processed in google_places.py.
  2. Boundary markers: None present in SKILL.md instructions.
  3. Capability inventory: Restricted to place searching and detail retrieval; no file system access or command execution capabilities.
  4. Sanitization: Uses Pydantic models for structural validation, though no explicit natural language content filtering is performed.

  The risk is considered minimal given the narrow scope of the skill.