Skills
skills/zkl2333/skills/amap-maps/Gen Agent Trust Hub

amap-maps

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill configures an MCP server that uses npx to download and execute the @amap/amap-maps-mcp-server package from the npm registry. This package is associated with a well-known mapping and location service.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes and displays data from the Amap Web Service API.
  • Ingestion points: API responses from tools such as maps_search_text, maps_weather, and route planning utilities.
  • Boundary markers: No specific delimiters are present to distinguish API-provided text from agent instructions.
  • Capability inventory: The skill utilizes the npx command to run the MCP server and performs network requests to the Amap API.
  • Sanitization: No explicit sanitization or filtering of API content is described, though the data originates from a reputable, well-known service provider.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 09:30 AM