local-search
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation and execution of the agentcash package from the public NPM registry to interact with its services.
- [COMMAND_EXECUTION]: Shell commands are used to invoke the agentcash CLI tool for fetching search results, retrieving place details, and checking the status of the local payment wallet.
- [DATA_EXFILTRATION]: User search queries and location parameters are sent to the stableenrich.dev domain to retrieve information from Google Maps, which is the primary and documented function of the skill.
- [PROMPT_INJECTION]: The skill processes external data including user-generated reviews and atmosphere descriptions from the Google Maps API, which could potentially contain adversarial instructions meant to influence agent behavior.
Audit Metadata