local-places
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill processes data from the Google Places API, which represents a potential surface for indirect prompt injection if an attacker were to control venue information.
- Ingestion points: Venue names and descriptions enter the system via the
search_placesandget_place_detailsfunctions insrc/local_places/google_places.py. - Boundary markers: The skill returns structured JSON to the agent; explicit prompt boundary markers are not implemented within the skill itself.
- Capability inventory: The skill is limited to performing network requests to the Google API and does not have access to command execution or file system modifications.
- Sanitization: The skill relies on Pydantic for data structure validation but does not sanitize string content for potential malicious instructions.
- [Data Exposure & Exfiltration] (SAFE): The skill handles the Google API key through standard environment variable practices and only transmits it over HTTPS to the official Google API domain.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): Dependencies specified in
pyproject.tomlare standard, reputable packages from PyPI. No suspicious remote code execution patterns or unverified script downloads were detected.
Audit Metadata