doe-geothermal
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill communicates exclusively with well-known and trusted government and research domains, specifically openei.org and nrel.gov, to fetch geothermal data.
- [SAFE]: API key handling follows security best practices by resolving credentials from environment variables or a local configuration file (~/.config/openei/credentials) rather than using hardcoded secrets.
- [SAFE]: The provided Python reference implementation uses only the standard library and performs no dangerous operations such as arbitrary code execution or unauthorized system access.
- [SAFE]: While the skill ingests data from external sources (OpenEI and GDR), which is a common surface for indirect prompt injection, the sources are authoritative government-managed platforms.
  - Ingestion points: Data is fetched via the OpenEI Semantic MediaWiki API and GDR web search in SKILL.md.
  - Boundary markers: No explicit delimiters are specified for the fetched data in the provided instructions.
  - Capability inventory: The skill utilizes bash_tool for performing network requests via curl.
  - Sanitization: No explicit sanitization of the fetched wiki or HTML content is performed prior to processing.