Skills
NYC
skills/ovachiever/droid-tings/chembl-database/Gen Agent Trust Hub

chembl-database

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill instructions and scripts recommend installing the chembl_webresource_client and pandas Python packages. These are well-known libraries for scientific data analysis and accessing the ChEMBL database.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it ingests and processes data from an external source (the ChEMBL API).
  • Ingestion points: Data is fetched via new_client methods in scripts/example_queries.py (e.g., get_molecule_info, search_molecules_by_name).
  • Boundary markers: No explicit delimiters or instructions are used to separate API-retrieved data from the agent's internal logic.
  • Capability inventory: The skill's scripts are restricted to data retrieval, filtering, and optional conversion to a pandas DataFrame; no high-risk capabilities like file system modification or arbitrary command execution were detected.
  • Sanitization: The scripts do not perform sanitization on the data returned from the ChEMBL API.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:59 PM