datacommons-client
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill installs the datacommons-client package via uv pip. This is a verifiable and standard dependency for accessing the Data Commons service.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from the external Data Commons API, which could theoretically contain instructions intended to influence the agent's behavior.
  - Ingestion points: Statistical and metadata results from client.observation.fetch, client.node.fetch, and client.resolve.fetch.
  - Boundary markers: Absent in the code snippets provided in the documentation.
  - Capability inventory: Performs network requests to datacommons.org and processes retrieved data using the Pandas library.
  - Sanitization: No explicit sanitization or escaping of the fetched API data is shown in the usage examples.
Audit Metadata