goplaces
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'goplaces' CLI tool from a third-party Homebrew tap ('steipete/tap/goplaces').- [COMMAND_EXECUTION]: The skill performs its tasks by executing the 'goplaces' binary with various subcommands and parameters based on user instructions.- [PROMPT_INJECTION]: The skill features an indirect injection surface because it processes untrusted user data and interpolates it into command-line arguments. 1. Ingestion points: User-provided search queries, locations, and place IDs described in the 'Common commands' section of 'SKILL.md'. 2. Boundary markers: No explicit delimiters or boundary markers are defined in the instructions to separate user data from command syntax. 3. Capability inventory: The skill has the capability to execute subprocesses via the 'goplaces' CLI tool. 4. Sanitization: There is no documented evidence of input sanitization or validation before user-provided strings are passed to the shell.
Audit Metadata