drugbank-database
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Dynamic Execution (MEDIUM): The skill utilizes the 'pickle' module to cache parsed DrugBank data in references/data-access.md.
  - Evidence: The file references/data-access.md includes code snippets using pickle.load(f) on a local file.
  - Risk: Deserializing data using 'pickle' can lead to arbitrary code execution if the cache file is tampered with by a malicious actor.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and parse large XML datasets from external sources.
  - Ingestion points: Data is retrieved via drugbank-downloader and parsed in references/data-access.md.
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are provided for the ingested XML content.
  - Capability inventory: The skill has network access (requests), file system access (writing cache files), and XML parsing capabilities.
  - Sanitization: No evidence of sanitization or safety filtering for the content of the drug database before it is processed by the agent.
- External Downloads (SAFE): The skill downloads data from go.drugbank.com.
  - Evidence: Referenced in SKILL.md and references/data-access.md.
  - Risk: While the source is reputable, the skill relies on external data that is not under the immediate control of the user.
Audit Metadata