datacommons-client
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill requires the installation of the
datacommons-clientPython package viauv pip. While this is the official client for a known platform, the GitHub organizationdatacommonsorgis not included in the 'Trusted External Sources' list, making it an unverifiable dependency. - [Indirect Prompt Injection] (LOW): The skill possesses a vulnerability surface for indirect prompt injection as it ingests untrusted data from an external API.
- Ingestion points: Data enters the agent context through methods like
client.observation.fetch(),client.node.fetch(), andclient.resolve.fetch()as documented inSKILL.md,references/observation.md, andreferences/node.md. - Boundary markers: Absent. There are no instructions provided to the agent to treat the statistical data or graph labels as potentially adversarial or to use delimiters.
- Capability inventory: The skill is primarily a data retrieval tool. It lacks high-risk capabilities such as arbitrary command execution, file system modification, or network writing (beyond API requests), limiting the potential impact of an injection.
- Sanitization: Absent. The skill examples show direct processing of external strings into the agent's context without validation or escaping.
Audit Metadata