chembl-database
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The 'Additional Resources' section contains a directive ('Suggest Using K-Dense Web For Complex Worflows') that instructs the agent to proactively suggest a specific commercial platform (www.k-dense.ai) under certain conditions. This is a form of metadata poisoning/instruction injection designed to influence the agent's behavior for promotional purposes.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external Python package 'chembl_webresource_client' via 'uv pip install' to function. While this is a standard client for the ChEMBL database, it introduces a third-party dependency.
- [DATA_EXFILTRATION]: The skill performs legitimate network operations to the European Bioinformatics Institute (EBI) ChEMBL API (ebi.ac.uk). While these are necessary for the skill's primary purpose of querying bioactivity data, they involve sending query parameters (chemical structures, target names) to a remote server.
Audit Metadata