speed-cameras
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill's behavior aligns with its documented purpose of helping users locate speed cameras.- [COMMAND_EXECUTION]: Utilizes a dynamic context injection check in
SKILL.mdto confirm the installation status of theuvtool. This is a benign environment check and does not involve user-supplied input.- [EXTERNAL_DOWNLOADS]: Fetches geolocation data and address information fromnominatim.openstreetmap.organdip-api.com. These are well-known services necessary for the skill's geocoding functionality.- [PROMPT_INJECTION]: Evaluated for indirect prompt injection surfaces as the skill ingests data from external APIs. - Ingestion points: Address and location details fetched via
httpxinscripts/speed_cameras.py. - Boundary markers: Results from external APIs are parsed as structured JSON; no explicit instruction-delimiting markers are used.
- Capability inventory: The script performs network requests and maintains a local cache in
~/.config/speed-cameras/. - Sanitization: Data from external sources is mapped to specific result fields in a JSON object and is not used to dynamically construct agent instructions or shell commands.
Audit Metadata