google-maps-contact-extract
Fail
Audited by Snyk on Jul 9, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This skill is explicitly designed to harvest contact data (emails, phones, social profiles) at scale from Google Maps and business websites and even includes guidance to evade anti-scraping—behavior that enables large‑scale data harvesting and potential abuse (spam, unsolicited outreach).
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Yes—during the required “website contacts” step,
scripts/extract-contacts.pyreadsdocument.documentElement.innerHTML/document.body.innerTextfrom each business’s homepage and contact/about subpages (outsider-authored web page text) and returns extracted strings into the agent’s runtime context.
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata