drugbank-database

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Risk Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [Dynamic Execution] (MEDIUM): The skill uses pickle.load() in references/data-access.md to deserialize cached DrugBank data. pickle is not safe for data that an untrusted party could have modified: deserialization invokes whatever callables the stream names (via __reduce__), so anyone who can write to the cache file can run arbitrary code with the privileges of the process that loads it.
  • [Indirect Prompt Injection] (LOW): The skill ingests large XML datasets from DrugBank, which creates a surface for indirect prompt injection. Ingestion points: XML parsing in references/data-access.md. Boundary markers: none identified. Capability inventory: network access and file system operations. Sanitization: no content sanitization described.
  • [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill installs drugbank-downloader and other third-party libraries from PyPI. These are appropriate for the skill's purpose, but they are not on the predefined list of trusted external sources.
  • [Data Exposure & Exfiltration] (LOW): The skill manages API keys and passwords and recommends storing them in environment variables or a local config file (~/.config/drugbank.ini). This is a legitimate use case, but it requires users to keep proper file system permissions on that file.
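The following is an added example, not code from the audited skill or from the auditor, illustrating the Dynamic Execution finding and two ways to close it. The malicious payload uses a harmless eval() in place of the os.system call an attacker would choose; the DrugBank record, the HMAC key and the JSON-plus-HMAC cache format are constructed for the demonstration and are not the skill's own design.

```python
import hashlib
import hmac
import io
import json
import pickle


class MaliciousCachePayload:
    """Constructed stand-in for a tampered cache file.

    pickle serialises the tuple returned by __reduce__ as (callable, args) and
    pickle.load() calls callable(*args) while deserialising. A benign eval() is
    used here; a real attacker would name os.system or subprocess.Popen.
    """

    def __reduce__(self):
        return (eval, ("'attacker code ran as pid %d' % __import__('os').getpid()",))


def build_malicious_cache_bytes() -> bytes:
    """Bytes an attacker with write access to the cache directory could drop in."""
    return pickle.dumps(MaliciousCachePayload())


def pickle_records(records: dict) -> bytes:
    """Bytes the skill would legitimately write: plain dicts, lists, strings."""
    return pickle.dumps(records)


def unsafe_load(cache_bytes: bytes):
    """The audited pattern: trust whatever is on disk."""
    return pickle.loads(cache_bytes)


class RestrictedUnpickler(pickle.Unpickler):
    """Mitigation 1: refuse every global lookup not on an explicit allowlist.

    Plain dicts, lists, strings and numbers need no global lookups at all, so a
    cache of DrugBank records serialised that way still loads, while a stream
    that tries to resolve a callable (eval, os.system, ...) is rejected.
    """

    ALLOWED = frozenset({("builtins", "set"), ("builtins", "frozenset")})

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_load(cache_bytes: bytes):
    return RestrictedUnpickler(io.BytesIO(cache_bytes)).load()


def restricted_load_rejects(cache_bytes: bytes) -> bool:
    try:
        restricted_load(cache_bytes)
    except pickle.UnpicklingError:
        return True
    return False


# Mitigation 2 (preferred): drop pickle for the cache entirely. Store JSON and
# authenticate it with an HMAC whose key lives outside the cache directory
# (an environment variable or keyring, never a file beside the cache).
def write_cache(records: dict, key: bytes) -> bytes:
    body = json.dumps(records, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"\n" + body


def read_cache(blob: bytes, key: bytes) -> dict:
    tag, _, body = blob.partition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("cache integrity check failed; refusing to parse")
    return json.loads(body)


def cache_is_authentic(blob: bytes, key: bytes) -> bool:
    try:
        read_cache(blob, key)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample record; the key is a constant only for this demo.
    records = {"DB00001": {"name": "Lepirudin", "groups": ["approved"]}}
    key = b"demo-only-key"
    evil = build_malicious_cache_bytes()
    print("unsafe_load:", unsafe_load(evil))
    print("restricted loader rejects payload:", restricted_load_rejects(evil))
    print("restricted loader accepts plain data:", restricted_load(pickle_records(records)) == records)
    blob = write_cache(records, key)
    print("authentic:", cache_is_authentic(blob, key))
    print("tampered:", cache_is_authentic(blob.replace(b"Lepirudin", b"Tampered!"), key))
```

The restricted unpickler is a stop-gap for existing cache files; the JSON-plus-HMAC format is the real fix, because it removes the code-execution primitive rather than filtering it. Note the key-placement caveat: if the HMAC key sits in the same directory an attacker can write, they can simply re-sign the tampered cache.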
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:59 PM