datacommons-client
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of
datacommons-client, a package name that does not match the officialdatacommonslibrary used by the Data Commons organization. This represents an unverifiable dependency that could lead to the installation of untrusted code. - [COMMAND_EXECUTION]: The skill provides instructions for executing
uv pip installto add external packages. When directed toward an unverified package name, this creates a risk of environment compromise through malicious package installation.
Audit Metadata