gdelt-doc-search
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, persistence mechanisms, or privilege escalation attempts were detected in the provided skill scripts or markdown files.
- [EXTERNAL_DOWNLOADS]: Fetches data from the GDELT Project's official DOC 2.0 API endpoint (
https://api.gdeltproject.org/api/v2/doc/doc). This is a well-known service for academic and research data retrieval. - [COMMAND_EXECUTION]: The
scripts/gdelt_doc_search.pyscript performs network operations and file writes using standard library modules likeurllibandpathlib. It does not execute arbitrary shell commands or external binaries. - [DATA_EXFILTRATION]: The skill facilitates the transfer of API response data to local file paths as specified by user-provided arguments (
--output). It also reads configuration settings from environment variables, following standard operational patterns. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests data from an external API and presents it to the agent.
- Ingestion points:
scripts/gdelt_doc_search.py(viaurllib.request.urlopenfor API responses). - Boundary markers: Absent.
- Capability inventory: Local file write capability and console output.
- Sanitization: Absent; the script returns raw API content or JSON data without filtering.
Audit Metadata