google-maps
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface because it ingests data from an external source (Google Maps API) that is controlled by third parties. Maliciously crafted place names or metadata could potentially influence the agent's behavior.
- Ingestion points: SKILL.md (retrieval of toolcall content using
refly workflow toolcalls). - Boundary markers: Absent. The output from the Google Maps workflow is fed directly into the agent context without delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill is limited to 'text-data' operations and display actions; it does not possess file-write, network-send, or arbitrary code execution capabilities.
- Sanitization: Absent. Data is processed raw via
jq. - COMMAND_EXECUTION (LOW): The skill instructions rely on local shell commands (
refly,jq) to execute the workflow and retrieve data. While this is the intended design for this skill pattern, it requires the agent to correctly escape user-provided search queries to prevent local shell injection.
Audit Metadata