datacommons-client
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation instructions in SKILL.md and references/getting_started.md recommend the package "datacommons-client". However, the official Python client for Data Commons is published under the name "datacommons". Recommending a non-standard name variation while linking to official documentation is a characteristic of package impersonation or typosquatting.\n- [DATA_EXFILTRATION]: Example 8 in references/getting_started.md demonstrates writing queried statistical data to a local file (ca_cities_comparison.csv). While a standard data science operation, this capability could be used by a malicious library to exfiltrate or stash data on the local filesystem.\n- [PROMPT_INJECTION]: The skill processes data from external API sources which could lead to indirect prompt injection.\n
- Ingestion points: Data Commons statistical API responses (referenced in references/observation.md and references/node.md).\n
- Boundary markers: Absent; there are no instructions to the agent to treat external data as untrusted or to ignore embedded instructions.\n
- Capability inventory: Network access via fetch methods and file writing via integration with data processing libraries.\n
- Sanitization: Absent; there is no mention of validating or escaping data retrieved from the knowledge graph before processing it.
Audit Metadata