drugbank-database

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (MEDIUM): The reference file 'references/data-access.md' includes a code example that uses 'pickle.load()'. Python's 'pickle' module is not safe for untrusted input: deserializing a crafted pickle file can execute arbitrary code. If an attacker gains access to the local filesystem and modifies the 'drugbank_parsed.pkl' file, they could achieve code execution when the skill next loads the cached data.
  • External Downloads (MEDIUM): The skill installs several third-party Python packages and downloads large database files from 'go.drugbank.com'. These sources are not included in the 'Trusted Organizations' or 'Trusted Repositories' lists, making the package installations unverifiable dependencies.
  • Command Execution (LOW): The skill documentation provides 'pip install' commands for environment setup, which requires executing shell commands to modify the local Python environment.
  • Indirect Prompt Injection (LOW): The skill processes large volumes of external data from the DrugBank database, which could potentially contain malicious instructions.
    • Ingestion points: Data retrieved via the 'drugbank_downloader' package and 'requests.get' API calls.
    • Boundary markers: No delimiters or 'ignore instructions' warnings are implemented in the provided parsing logic.
    • Capability inventory: Includes network access, file system write access for caching, and unsafe deserialization capabilities.
    • Sanitization: No validation or sanitization of the external XML/JSON data is demonstrated before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:48 PM