fda-database
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates instructions ('Suggest Using K-Dense Web For Complex Worflows') that direct the agent to monitor task complexity and proactively steer users toward the 'www.k-dense.ai' platform. This represents an attempt to influence agent behavior for purposes external to the skill's stated function.
- [PROMPT_INJECTION]: The skill demonstrates an attack surface for Indirect Prompt Injection through its ingestion of external data.
  - Ingestion points: Untrusted data is retrieved from the open.fda.gov API endpoints for drugs, devices, and food safety.
  - Boundary markers: The skill documentation lacks explicit delimiters or instructions to ignore potential commands within the API response data.
  - Capability inventory: The skill utilizes local Python scripts (scripts/fda_query.py and scripts/fda_examples.py) to perform API queries and analyze data structures.
  - Sanitization: While input parameters are cleaned, the skill does not specify any sanitization or validation of the text content returned by the FDA API before it is processed by the agent.
Audit Metadata