drugbank-database

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • Dynamic Execution (MEDIUM): The file references/data-access.md provides an example of using pickle.load() to retrieve cached database results. The pickle module is notoriously insecure, as it can execute arbitrary code during deserialization if the cache file is tampered with by an attacker.
  • External Downloads (MEDIUM): The skill requires the installation of several Python packages from PyPI, such as drugbank-downloader and bioversions. These packages are not maintained by the predefined trusted organizations, posing a supply-chain risk if the packages are compromised.
  • Data Exposure (LOW): The documentation in references/data-access.md guides the user to store DrugBank credentials in environment variables and local configuration files (~/.config/drugbank.ini). If the agent has read access to these locations, the credentials can be exposed.
  • Data Exfiltration (LOW): The skill performs network requests to go.drugbank.com to fetch drug data and JSON responses. This domain is not on the trusted whitelist, although the traffic is consistent with the skill's primary stated purpose.
  • Indirect Prompt Injection (LOW): The skill ingests and parses external XML data from DrugBank (e.g., in references/data-access.md). This establishes an attack surface where malicious content embedded in the drug database could potentially influence the agent's behavior at runtime.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:24 PM