tooluniverse
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection via untrusted data ingestion. Evidence: In 'scripts/example_workflow.py' and 'references/tool-composition.md', data is retrieved from external sources like PubMed and UniProt. There are no boundary markers or sanitization routines identified. Capability Inventory: The agent can execute over 600 tools via 'tu.run()' and write to the filesystem using the 'save_to_file' hook, creating a direct path for an injection attack to perform unauthorized actions.
- COMMAND_EXECUTION (MEDIUM): Documented in 'references/api_reference.md', the 'tu.run()' and 'tu.load_tools()' methods create a large dynamic execution surface. The system loads 600+ tools into memory, and while this is core to its scientific purpose, the lack of strict input validation at the orchestration layer could allow for arbitrary tool execution if the agent is compromised.
- EXTERNAL_DOWNLOADS (LOW): As shown in 'references/installation.md', the skill requires the installation of 'tooluniverse' via pip. This is a standard dependency for the framework's operation, though it represents an external dependency that should be sourced from trusted registries.
Recommendations
- AI detected serious security threats
Audit Metadata