datadata-api

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions for the 'Device Authorization' flow direct the agent to complete a multi-step process—including starting the flow, opening a verification URL, and polling for a token—autonomously in a single turn without interrupting the user for confirmation. This bypasses the typical human-in-the-loop safety checkpoints for authentication actions.
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface when processing data results from external sources. It provides explicit mitigation rules instructing the agent to never read full datasets into the prompt context and instead use local command-line tools or line-limited previews to examine data.
  • [COMMAND_EXECUTION]: To safely handle large query results, the skill recommends that the agent utilize system utilities such as head, tail, wc, grep, and awk for local data analysis. This operational model assumes the agent has access to execute shell commands on the underlying system.
  • [SAFE]: The skill manages authentication using an API key stored in a local configuration file (~/.config/datadata/datadata-api-skills/config.json). The accompanying Python script implements security best practices by applying restrictive file permissions (0600) to the configuration directory and file on Unix-like systems.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 09:44 AM