dataverse-api
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes
curland the Pythonrequestslibrary to interact with the official Harvard Dataverse API (dataverse.harvard.edu). These operations are standard for its stated purpose of research data discovery. - [DATA_EXFILTRATION]: Network operations are directed solely towards well-known academic repositories. No access to sensitive local files (e.g., SSH keys, credentials) or unauthorized data transmission was observed.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from the Dataverse API, such as dataset descriptions and metadata. While this constitutes an ingestion surface for untrusted data, the risk is inherent to the tool's function and no malicious patterns targeting the agent were identified.
- [COMMAND_EXECUTION]: The provided Python code includes a file download function (
download_file) that writes to a user-specifiedoutput_path. While this involves file system writes, it is a standard implementation for downloading research data and does not exhibit malicious intent.
Audit Metadata