donation-place-search
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes user inputs for locations and categories, and it ingests organization data from an external package. While this constitutes an indirect prompt injection surface, the risk is negligible as the skill lacks access to high-privilege capabilities or sensitive system data.
- [COMMAND_EXECUTION]: The skill utilizes a Node.js execution environment to format search recommendations. This command execution is restricted to the skill's primary search functionality.
- [EXTERNAL_DOWNLOADS]: The skill relies on the donation-place-search NPM package. This is a vendor-owned resource necessary for the skill's operations and does not involve the execution of arbitrary remote code.
Audit Metadata