tooluniverse
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill documentation instructs the user to install the 'tooluniverse' Python package using 'uv pip install tooluniverse'. This package is not from a trusted organization or repository listed in the security guidelines, representing an unverified dependency risk.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8). It retrieves data from untrusted external sources (PubMed, GEO, UniProt) and processes it through LLM-based tools without visible sanitization or boundary markers.
- Ingestion points: Data entering through 'PubMed_search', 'GEO_download_dataset', and 'UniProt_get_sequence' as seen in 'references/tool-composition.md'.
- Boundary markers: Absent; examples show direct interpolation of tool outputs into subsequent logic.
- Capability inventory: The skill provides access to over 600 tools via 'tu.run', including file system access through the 'save_to_file' hook and external API interactions.
- Sanitization: No evidence of input validation or escaping for data retrieved from external APIs before it is passed to LLM summarization tools.
Audit Metadata