drugbank-search
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash and Node.js scripts (
scripts/search,scripts/search.mjs) to interact with the search API and handle configuration settings. It uses a dynamic path resolution command to locate these scripts within the plugin environment.- [EXTERNAL_DOWNLOADS]: The skill connects to the Valyu API atapi.valyu.aito retrieve pharmacological data, drug mechanisms, and interaction information.- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes and renders natural language content (such as drug descriptions and mechanisms) retrieved from the external DrugBank database. - Ingestion points: Drug information, mechanisms of action, and interaction data returned from the Valyu API search results.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill's processing logic.
- Capability inventory: The skill can execute shell commands via the included
scripts/searchutility. - Sanitization: The documentation does not specify any sanitization or filtering of the content returned by the API before it is processed by the agent.
Audit Metadata