goplaces
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external binary tool `goplaces` from a third-party Homebrew tap (`steipete/tap/goplaces`). This dependency is hosted on GitHub but is not from a verified or trusted organization listed in the security guidelines.
- [COMMAND_EXECUTION]: The skill's primary functionality relies on executing the `goplaces` CLI binary. It passes user-provided strings (like search queries and place IDs) directly to the command line, which could lead to argument injection if the underlying tool does not handle inputs securely.
- [CREDENTIALS_UNSAFE]: The skill requires the `GOOGLE_PLACES_API_KEY` environment variable. The skill documentation also mentions an optional `GOOGLE_PLACES_BASE_URL` variable, which allows redirecting API requests. If this is pointed to a malicious endpoint, the API key could be exposed to an external party.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes data from the Google Places API (including user-generated reviews and place descriptions).
  - Ingestion points: Data returned by `goplaces search`, `details`, and `reviews` commands.
  - Boundary markers: No specific delimiters or safety instructions are provided to the agent to treat API output as untrusted data.
  - Capability inventory: The agent can execute system commands using the `goplaces` binary.
  - Sanitization: The skill does not describe any sanitization or filtering of the content retrieved from the external API before presenting it to the agent.
Audit Metadata