goplaces
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the goplaces binary from a third-party Homebrew tap (steipete/tap/goplaces).
- [COMMAND_EXECUTION]: The skill's primary functionality relies on executing the goplaces CLI tool to fetch data from the Google Places API.
- [SAFE]: The skill does not contain hardcoded credentials, malicious prompt injections, or unauthorized data exfiltration. It handles user-generated content (reviews), which introduces a potential surface for indirect prompt injection: 1. Ingestion points: SKILL.md (via goplaces details results containing external reviews); 2. Boundary markers: Absent; 3. Capability inventory: Command execution of goplaces; 4. Sanitization: Absent.
Audit Metadata