goplaces
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends installing the 'goplaces' CLI tool from a developer's Homebrew tap (steipete/tap/goplaces).
- [COMMAND_EXECUTION]: Uses the 'goplaces' command to interact with the Google Places API.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection because it fetches and processes place reviews from the Google Places API without explicit boundary markers or sanitization. Ingestion point: Place reviews retrieved via 'goplaces details --reviews' in SKILL.md. Boundary markers: Absent. Capability inventory: Calls to 'goplaces' CLI tool. Sanitization: Absent.
Audit Metadata