api-data-fetcher
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes several third-party Python libraries to interface with economic APIs. While these are well-known in the data science community, they are external dependencies.
- Packages:
fredapi,wbdata,pandas,bls,pandasdmx,yfinance. - [CREDENTIALS_UNSAFE] (SAFE): The skill follows security best practices by explicitly instructing users to use environment variables for API keys and includes logic to check for these variables before execution.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from external API endpoints, which represents a potential surface for indirect injection if an API were compromised.
- Ingestion points: Network responses from FRED and World Bank APIs are loaded into Pandas DataFrames in the generated code within
SKILL.md. - Boundary markers: Absent; data is processed directly as received from the providers.
- Capability inventory: The code has the capability to write the resulting data to the local filesystem via
to_csv(). - Sanitization: No sanitization is performed on the incoming data before it is written to disk, which is standard for numeric data fetching utilities.
Audit Metadata