drugbank-database
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill suggests using the pickle module for caching parsed drug data in references/data-access.md.
  - Evidence: The implementation example uses pickle.load(f) to restore data from a local file.
  - Risk: pickle is inherently insecure; deserializing a maliciously crafted pickle file can result in arbitrary code execution on the host system.
- [Indirect Prompt Injection] (LOW): The skill processes large volumes of external data from the DrugBank database (XML/JSON format).
  - Ingestion points: DrugBank XML database files and REST API responses (referenced in SKILL.md and references/data-access.md).
  - Boundary markers: None identified in the prompt snippets; the agent is instructed to parse and analyze the raw content.
  - Capability inventory: Includes chemical property calculation, network analysis, and data manipulation using libraries like rdkit and pandas.
  - Sanitization: The documentation does not specify sanitization or validation of the external content before processing.
- [Data Exposure & Exfiltration] (LOW): The skill performs network operations to go.drugbank.com to download databases and query APIs.
  - Evidence: requests.get(url, headers=headers) and download_drugbank() usage in references/data-access.md.
  - Risk: While necessary for the skill's purpose, communication with non-whitelisted domains is flagged as a potential exfiltration vector.
Audit Metadata