goplaces
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `goplaces` CLI tool via a third-party Homebrew tap (`steipete/tap/goplaces`). While the tool is specific to the skill's purpose, it originates from an unverified personal repository.
- [COMMAND_EXECUTION]: The skill functions by executing the `goplaces` binary on the host system to interact with the Google Places API, passing user-supplied strings directly as command-line arguments.
- [CREDENTIALS_UNSAFE]: The skill requires the `GOOGLE_PLACES_API_KEY` environment variable. It also allows setting a `GOOGLE_PLACES_BASE_URL`, which if pointed to a malicious endpoint, could facilitate the interception of the API key.
- [PROMPT_INJECTION]: The skill ingests data from the Google Places API, including user-generated reviews, which constitutes an indirect prompt injection surface.
  - Ingestion points: Results from search, details, and reviews commands are incorporated into the agent's context.
  - Boundary markers: None identified in the skill definition to separate untrusted API data from instructions.
  - Capability inventory: The skill executes the local `goplaces` CLI.
  - Sanitization: No explicit sanitization of API-returned text is performed before it is processed by the agent.
Audit Metadata