shopping-expert
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with SerpAPI and Google Places API to fetch product details and location information. These are well-known services used as intended for the skill's primary functionality.
- [DATA_EXFILTRATION]: User queries and location strings are transmitted to external search providers to retrieve product data. This behavior is required for the shopping expert's operation and involves no sensitive local data access.
- [COMMAND_EXECUTION]: The skill uses the
uvtool for script execution and standard Python argument parsing to handle user inputs, avoiding unsafe shell execution patterns. - [CREDENTIALS_UNSAFE]: Sensitive API keys are managed through environment variables (
SERPAPI_API_KEYandGOOGLE_PLACES_API_KEY) as specified in the metadata, avoiding hardcoded secrets.
Audit Metadata