drugbank-database

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [Dynamic Execution] (MEDIUM): The file references/data-access.md recommends using pickle.load() to cache parsed drug data. This is an insecure deserialization pattern; if the drugbank_parsed.pkl file is replaced by an attacker, it allows for arbitrary code execution.
  • [Unverifiable Dependencies] (MEDIUM): The skill requires the installation of drugbank-downloader and bioversions from PyPI. These are not part of the trusted repository list and represent an unverified dependency chain for pharmaceutical data handling.
  • [External Downloads] (LOW): The skill performs automated downloads of large XML datasets from go.drugbank.com via the drugbank-downloader utility. While this is the official source, it involves external network operations to a non-whitelisted domain.
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process large amounts of untrusted external data (XML/JSON) which could contain malicious instructions.
    ◦ Ingestion points: download_drugbank() fetches XML files; requests.get() fetches JSON data from the DrugBank API.
    ◦ Boundary markers: None. The skill does not implement delimiters or 'ignore instructions' warnings when processing drug descriptions or indications.
    ◦ Capability inventory: requests.get (Network), pickle.dump/load (File System/Execution).
    ◦ Sanitization: The skill lacks explicit sanitization or validation logic for the content extracted from the DrugBank database before it is presented to the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 05:59 PM