arcgis-rest-services
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official ArcGIS REST API endpoints (e.g.,
route-api.arcgis.com,geocode-api.arcgis.com,sampleserver6.arcgisonline.com). These are well-known services belonging to Esri. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill uses safe placeholders like
YOUR_API_KEYandYOUR_TOKENfor authentication instructions. This is standard practice for developer documentation and does not expose actual credentials. - [COMMAND_EXECUTION]: The code examples focus on GIS operations (routing, geocoding, mapping) and do not contain any arbitrary command execution, file system access, or other dangerous system-level operations.
- [PROMPT_INJECTION]: The skill contains no instructions designed to override agent behavior or bypass safety filters.
- [DATA_INJECTION]: The skill describes patterns for ingesting data from external ArcGIS services. While this introduces a theoretical surface for indirect prompt injection (e.g., processing geocoded address strings), the provided examples are limited to benign mapping and logging operations, which poses minimal risk in this context.
Audit Metadata