wikidata-search
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts exclusively with trusted Wikimedia domains, including
wikidata.organdwmcloud.org(Wikimedia Cloud). These are standard endpoints for the stated purpose of searching and retrieving knowledge base data. - [SAFE]: The implementation in
scripts/wikidata_api.pyuses only Python's standard library (urllib,json,os,time,gzip), avoiding any risk associated with unverified external dependencies. - [SAFE]: Authentication for the Vector DB service is handled securely via environment variables (
WIKIDATA_VECTORDB_API_SECRET), following security best practices for secret management. - [SAFE]: No evidence of prompt injection, obfuscation, or dangerous execution patterns (such as
eval,exec, orsubprocess) was found in the provided code or documentation. - [PROMPT_INJECTION]: As the skill retrieves data from a public wiki (Wikidata), it inherently possesses a surface for indirect prompt injection. However, since the skill does not have capabilities to modify the local file system, execute arbitrary commands, or perform unauthorized network requests, the risk associated with this ingestion point is minimal and standard for information-retrieval tools.
Audit Metadata