datacommons-client
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions were found that attempt to override the agent's system prompt, bypass safety filters, or extract sensitive instructions.
- Data Exposure & Exfiltration (SAFE): The skill correctly handles API authentication via environment variables or explicit client initialization. No hardcoded credentials, sensitive file path access, or unauthorized network exfiltration patterns were identified.
- Unverifiable Dependencies (SAFE): The skill utilizes the official datacommons-client package. Installation commands are standard and do not involve piped execution or untrusted remote scripts.
- Persistence and Privilege Escalation (SAFE): No patterns related to system persistence (e.g., cron jobs, shell profile modification) or privilege escalation (e.g., sudo, chmod) were detected.
- Indirect Prompt Injection (SAFE): While the skill retrieves data from external API endpoints, the source (Data Commons) is an authoritative provider of statistical data. The risk of malicious injection via these statistical payloads is negligible in the context of the skill's intended use.