datacommons-client
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The installation instructions in SKILL.md specify 'pip install datacommons-client'. The official library for Data Commons is published as 'datacommons'. Using a similar but unofficial name is a common typosquatting technique used to deceive users and developers into installing malicious software.
- [REMOTE_CODE_EXECUTION] (HIGH): Installation and import of an unverified package ('datacommons-client') allows for arbitrary code execution on the host machine during the installation or runtime phase of the AI agent's operation.
- [CREDENTIALS_UNSAFE] (LOW): The skill documentation mentions managing the 'DC_API_KEY'. While it suggests standard environment variables, the use of an untrusted package creates a high risk that these credentials could be intercepted and exfiltrated.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection from untrusted statistical data retrieved via the Data Commons API.
  1. Ingestion points: 'DataCommonsClient.observation.fetch' and 'client.node.fetch' in SKILL.md.
  2. Boundary markers: None.
  3. Capability inventory: Data retrieval, knowledge graph navigation, and Pandas data processing.
  4. Sanitization: No evidence of input validation or response sanitization is present in the skill's code snippets.
Recommendations
- AI detected serious security threats
Audit Metadata