pubchem-database

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires pubchempy and requests. While these are common libraries, the use of specialized third-party packages from PyPI without version pinning or integrity checks introduces a supply chain risk where a compromised package could execute arbitrary code.
  • [DATA_EXFILTRATION] (LOW): The scripts scripts/bioactivity_query.py and scripts/compound_search.py perform network requests to pubchem.ncbi.nlm.nih.gov. This domain is not on the trusted whitelist. While appropriate for the skill's purpose, all non-whitelisted network activity is flagged for review to ensure no sensitive data is sent to external endpoints.
  • [PROMPT_INJECTION] (LOW): (Category 8: Indirect Prompt Injection) The skill possesses an attack surface for indirect prompt injection.
    • Ingestion points: Data is ingested from the PubChem PUG and PUG-View APIs in bioactivity_query.py and via the pubchempy library in compound_search.py.
    • Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings applied to the data retrieved from the API before it is processed by the agent.
    • Capability inventory: The skill has network access capabilities (requests) and file-writing capabilities (pcp.download in compound_search.py).
    • Sanitization: No sanitization or validation of the external API content is performed, meaning malicious strings stored in the PubChem database (e.g., in compound descriptions or synonyms) could potentially influence the agent's behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:19 PM