drug-candidate-discovery
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow instructions direct the agent to write entire Python scripts (e.g., `drug_discovery_workflow.py`) to the filesystem and then execute them with the Bash tool. This pattern of script generation followed by shell execution is used to orchestrate complex operations, including directory creation and data processing.
- [EXTERNAL_DOWNLOADS]: The generated scripts perform network operations with the `requests` library to fetch data from the RCSB Protein Data Bank (search.rcsb.org) and UniProt (rest.uniprot.org). Both are established scientific services used for retrieving protein metadata and 3D structures.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because user-supplied input (the `target_or_disease` name) is interpolated directly into a Python script template.
  - Ingestion points: The `target_or_disease` input in `SKILL.md` flows into the `TARGET_NAME` variable in the generated Python script.
  - Boundary markers: None are present to delimit user input from the surrounding code logic.
  - Capability inventory: The executed script can perform network requests, write files to the system, and access local project directories.
  - Sanitization: There is no evidence of sanitization or escaping (such as quote handling) for the interpolated user input, so a crafted value could inject code that runs in the script's execution context.
Audit Metadata