Skills
skills/letta-ai/lettabot/local-places/Gen Agent Trust Hub

local-places

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill requires a GOOGLE_PLACES_API_KEY for its core functionality. The implementation correctly retrieves this from environment variables using os.getenv rather than hardcoding it in the source files.
  • [EXTERNAL_DOWNLOADS]: The skill setup involves downloading standard Python packages from PyPI, including fastapi, httpx, and uvicorn. These are widely used, reputable libraries for building and running web services.
  • [COMMAND_EXECUTION]: The documentation provides instructions to run shell commands (using uv and uvicorn) to host a local server on 127.0.0.1. This execution is confined to the local machine and is necessary for the skill's proxy architecture.
  • [DATA_EXFILTRATION]: Network requests are directed to https://places.googleapis.com, which is the official endpoint for a well-known service (Google). No suspicious or unauthorized data transmission to unknown third parties was detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 11:40 PM