drug-discovery
Fail
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: In `SKILL.md`, the 'Target & Disease Literature (OpenTargets)' workflow directly interpolates the `${GENE}` variable into a `curl` shell command string. Unlike other workflows in the skill that use a Python script to URL-encode input, this section lacks sanitization. This creates a vulnerability where malicious input (e.g., using shell command substitution like `$(command)`) could be executed by the shell environment processing the skill's instructions.
- [EXTERNAL_DOWNLOADS]: The skill interacts with several external APIs including ChEMBL (`ebi.ac.uk`), PubChem (`ncbi.nlm.nih.gov`), OpenFDA (`fda.gov`), and OpenTargets (`opentargets.org`). These are well-known, established scientific and governmental services, and the data retrieved is processed as JSON. Findings related to these trusted sources do not escalate the verdict.
- [REMOTE_CODE_EXECUTION]: Multiple instances of `curl | python3` were flagged by automated scanners. Detailed technical analysis shows these are false positives for malicious remote code execution; the patterns are used to pipe JSON data from trusted APIs into a local, static Python parser defined within the skill (`json.load(sys.stdin)`). The code being executed is part of the skill's own source, not code fetched from the internet.
Recommendations
- HIGH: Downloads and executes remote code from: https://www.ebi.ac.uk/chembl/api/data/target/search?q=${ENCODED}&format=json, https://www.ebi.ac.uk/chembl/api/data/molecule/${MOL_ID}?format=json, https://www.ebi.ac.uk/chembl/api/data/activity?target_chembl_id=${TARGET_ID}&pchembl_value__gte=6&limit=10&format=json - DO NOT USE without thorough review
Audit Metadata