Skills
skills/trpc-group/trpc-agent-go/goplaces/Gen Agent Trust Hub

goplaces

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of the 'goplaces' CLI tool from a third-party Homebrew tap ('steipete/tap/goplaces').
  • [COMMAND_EXECUTION]: The skill invokes the 'goplaces' binary to perform text searches and retrieve place details via the command line.
  • [DATA_EXFILTRATION]: The skill requires a 'GOOGLE_PLACES_API_KEY' environment variable for authentication with Google's API. The use of environment variables is a recommended practice for secure credential management.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes untrusted data from the Google Places API, such as reviews and place names.
  • Ingestion points: Results from 'goplaces search' and 'goplaces details' in SKILL.md.
  • Boundary markers: None.
  • Capability inventory: Execution of the 'goplaces' CLI tool in SKILL.md.
  • Sanitization: None.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 01:08 AM
Security Audit — agent-trust-hub — goplaces