google-maps
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes the
@cablate/mcp-google-mappackage from the NPM registry usingnpx. This is a vendor-owned resource used for the skill's primary functionality. \n- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to interact with the Google Maps API through the CLI tool, passing user-derived parameters as JSON strings. \n- [PROMPT_INJECTION]: The skill ingests untrusted data from the Google Maps API, including user reviews and AI-generated place summaries. This creates an indirect prompt injection attack surface as the data is processed by the agent without explicit boundary markers or sanitization. \n - Ingestion points: API responses from
maps_place_detailsandmaps_search_placescontaining user-generated content. \n - Boundary markers: None defined in the skill instructions to separate external data from agent instructions. \n
- Capability inventory: The skill allows shell command execution through its primary tools. \n
- Sanitization: No specific mechanisms are mentioned to filter or sanitize the ingested data.
Audit Metadata