eia-data
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts with the official and well-known US Energy Information Administration (EIA) API at
https://api.eia.gov/v2/. All network traffic is directed to this government domain. - [COMMAND_EXECUTION]: The skill includes instructions and code examples to retrieve API credentials from
~/.config/eia/credentialsusing shell commands (grep, cut) and file system modules in Go and Python. This behavior is restricted to the skill's own configuration path and is necessary for its primary function. - [PROMPT_INJECTION]: The skill ingests data from the EIA API, which presents a surface for indirect prompt injection. However, the risk is negligible as the data source is a verified government provider of structured numerical statistics.
- Ingestion points: API responses from
https://api.eia.gov/v2/(referenced in SKILL.md). - Boundary markers: No explicit delimiters are used for the interpolation of API data into the agent's output.
- Capability inventory: The skill uses
bash_tool(curl, grep) and Python (requests) to perform network and file operations. - Sanitization: The skill does not implement additional sanitization or filtering of the structured JSON data before presentation.
Audit Metadata