local-search

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions in rules/getting-started.md require the installation of the agentcash package from the public NPM registry. This package is an unverified dependency from a source not included in the trusted vendor list.
  • [REMOTE_CODE_EXECUTION]: Multiple commands in SKILL.md and rules/getting-started.md utilize npx agentcash@latest. This pattern fetches and executes the most recent version of the package from the network at runtime, allowing for unpinned and unverified code execution in the agent's environment.
  • [COMMAND_EXECUTION]: The skill's primary workflows rely on executing shell commands through the agentcash CLI tool. This allows external code to perform system-level operations and network requests that extend beyond the stated purpose of location searching.
  • [DATA_EXFILTRATION]: Search queries, location coordinates, and business details are sent to the third-party domain https://stableenrich.dev. This domain is an unverified proxy for Google Maps APIs, which introduces a risk of data collection or logging by an unknown entity.
  • [PROMPT_INJECTION]: The skill ingests untrusted content from the external API that could be exploited through indirect prompt injection.
      1. Ingestion points: Place names, addresses, and user reviews fetched from stableenrich.dev in SKILL.md.
      2. Boundary markers: No delimiters are present to isolate API data from agent instructions.
      3. Capability inventory: The agent has the ability to execute shell commands via npx in SKILL.md and rules/getting-started.md.
      4. Sanitization: No sanitization of the returned API data is performed before it is added to the conversation context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 07:28 PM