datacommons-client
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the `datacommons-client` library. The repository is https://github.com/datacommonsorg/api-python. While the organization is not on the explicit trusted list, it is a standard package for this service. Installation is via `uv pip install`.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface (Category 8).
  1. Ingestion points: Statistical data and geographic names are retrieved from the datacommons.org API.
  2. Boundary markers: No delimiters are documented for use when processing API data.
  3. Capability inventory: The skill performs network requests to Data Commons but contains no command execution, file system modification, or dynamic evaluation capabilities.
  4. Sanitization: No sanitization of API responses is documented.
- [CREDENTIALS_UNSAFE] (SAFE): Documentation correctly advises users to manage API keys via environment variables rather than hardcoding.
- [DATA_EXFILTRATION] (SAFE): Network communication is restricted to the official API endpoints, and no access to sensitive local files was detected.
Audit Metadata