chembl-search
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation includes a procedure to locate and run internal scripts using a
findcommand in the~/.claude/plugins/cachedirectory for environment-specific path resolution. - [EXTERNAL_DOWNLOADS]: The skill makes network calls to the Valyu API at
api.valyu.aito retrieve search data. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via search results. Ingestion points: Results from
api.valyu.ai/v1/search. Boundary markers: Absent. Capability inventory: Local script execution and network access. Sanitization: None provided for external content.
Audit Metadata