tooluniverse-infectious-disease
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes data from external, untrusted sources including PubMed, BioRxiv, MedRxiv, and ArXiv.
- Ingestion points: Data enters the agent context through literature searches (e.g., PubMed_search_articles, BioRxiv_search_preprints) and scientific database queries (NCBI_Taxonomy_search, UniProt_search, ChEMBL_search_targets), as described in the workflow sections of SKILL.md.
- Boundary markers: There are no explicit instructions or delimiters used to ensure the agent ignores potentially malicious instructions embedded within the research paper summaries or database entries.
- Capability inventory: The skill is primarily focused on data synthesis, report generation, and computational drug docking (NvidiaNIM); it does not appear to have access to dangerous system-level commands or sensitive file-write capabilities beyond the specified report files.
- Sanitization: The instructions lack explicit validation or filtering mechanisms for the content retrieved from external literature and databases.
Audit Metadata