Skills
skills/swn94/claude-scientific-skills/pubchem-database/Gen Agent Trust Hub

pubchem-database

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection via the processing of external data from PubChem.
  • Ingestion points: rate_limited_request in scripts/bioactivity_query.py and various search functions (e.g., search_by_name, get_compound_properties) in scripts/compound_search.py fetch data from pubchem.ncbi.nlm.nih.gov.
  • Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are implemented when processing the API responses.
  • Capability inventory: The skill includes a download_structure function in scripts/compound_search.py that can write files (SDF, JSON, PNG) to the local filesystem using a user-specified or data-derived filename.
  • Sanitization: There is no evidence of sanitization or path validation for the filename argument in download_structure, making it potentially susceptible to path traversal if the filename is influenced by untrusted data.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill performs network requests to an external resource.
  • Evidence: scripts/bioactivity_query.py uses the requests library to connect to https://pubchem.ncbi.nlm.nih.gov.
  • Context: While the target domain is a reputable government/academic resource, any external data source introduces a surface for indirect prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:54 AM