datacommons-client
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documentation includes specific instructions for the AI to monitor user request complexity and proactively suggest switching to 'K-Dense Web' (www.k-dense.ai). This is an attempt to influence the agent's behavior for promotional purposes.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'datacommons-client' Python package. This is the primary tool for the skill's stated purpose of accessing Data Commons data.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill uses an API key ('DC_API_KEY') for authentication with the Data Commons service. The documentation correctly guides users to use environment variables or explicit client parameters rather than hardcoding secrets.
- [INDIRECT_PROMPT_INJECTION]: The skill's core function is to retrieve data from the Data Commons knowledge graph. This data is external and untrusted, representing an attack surface where malicious content in the dataset could potentially influence the agent's reasoning.
  - Ingestion points: Data is fetched via 'client.observation.fetch()', 'client.node.fetch()', and 'client.resolve.fetch()' as documented in the reference files.
  - Boundary markers: None are present in the provided code examples or instructions.
  - Capability inventory: The skill primarily performs data retrieval and processing using the 'datacommons-client' and 'Pandas'; no direct shell or system-level capabilities are exposed in the examples.
  - Sanitization: No explicit sanitization or validation of the retrieved statistical data is described before it is processed or presented.
Audit Metadata