event-planner
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No security issues detected. The skill performs legitimate event planning tasks using official Google APIs and follows standard practices for handling environment-based credentials.
- [DATA_EXFILTRATION]: All network requests are directed to well-known Google API endpoints (places.googleapis.com, maps.googleapis.com) for venue searching and route information. No sensitive data is transmitted to untrusted domains.
- [COMMAND_EXECUTION]: The Python script uses standard argument parsing and does not utilize any functions capable of arbitrary command execution or system-level modification.
- [PROMPT_INJECTION]: The skill processes data from the Google Places API, representing a surface for indirect prompt injection from external content. • Ingestion points: Venue names, addresses, and user-supplied preferences in scripts/plan_event.py. • Boundary markers: Output is structured using Markdown tables. • Capability inventory: HTTPS network requests and console output. • Sanitization: Venue data is URL-quoted for generated map links.
Audit Metadata