kosis-stats
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for read-only access to official government statistics through the Korean Statistical Information Service (KOSIS) and a vendor-operated proxy.
- [SAFE]: Credential management is handled securely; API keys are resolved from environment variables or a local configuration file with recommended restricted permissions, and the script explicitly redacts these keys in dry-run outputs and proxy requests to prevent leakage.
- [SAFE]: The implementation in scripts/run_kosis_stats.py uses only Python's standard library, eliminating risks associated with third-party dependencies and supply chain attacks.
- [SAFE]: Input parameters such as search queries and table IDs are properly URL-encoded before being sent to external endpoints, preventing injection-style attacks in the HTTP request process.
- [SAFE]: The default proxy server (k-skill-proxy.nomadamas.org) is a resource provided by the verified author (NomaDamas), and the script logic ensures no user API keys are transmitted to it.
Audit Metadata