drugbank-search
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill relies on a shell script (scripts/search) that takes natural-language queries as command-line arguments. If the script or the AI agent does not strictly quote and escape these inputs, a query containing shell metacharacters (e.g. "; rm -rf /") becomes a command injection vector.
- CREDENTIALS_UNSAFE (MEDIUM): The instructions explicitly direct the agent to pass the user's Valyu API key as a command-line argument (scripts/search setup <api-key>). Secrets passed via CLI arguments are visible in process listings (e.g. ps, /proc/<pid>/cmdline) and are often recorded in shell history files, making them readable by other users or processes on the system.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted data from an external API (api.valyu.ai) and provides it to the agent, so instructions embedded in the retrieved content could be acted on by the agent.
  - Ingestion points: scripts/search output containing drug descriptions and interaction data from Valyu.
  - Boundary markers: none specified in the prompt templates.
  - Capability inventory: file discovery (find), shell execution (scripts/search), and network access (fetch).
  - Sanitization: no mention of sanitizing or escaping the retrieved content before it is processed by the agent.
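The two MEDIUM findings above, as an added illustration that is not the skill's own scripts/search (the audit does not reproduce that script): a wrapper that re-parses the query with eval next to one that passes it as a single argument, and a setup/load pair that keeps the Valyu API key out of argv. The endpoint URL, key-file path, variable names and function names are assumptions.

```shell
#!/usr/bin/env bash
# Added illustration, not the drugbank-search skill's own code.
# unsafe_search is deliberately vulnerable; the other functions show the fix.
set -u

# Assumed endpoint; the real URL is not stated in the audit.
VALYU_ENDPOINT="${VALYU_ENDPOINT:-https://api.valyu.ai/v1/search}"

# VULNERABLE: the query is spliced into a string that the shell parses again,
# so a query such as 'aspirin; echo INJECTED' runs the second command.
unsafe_search() {
    local query="$1"
    local cmd="echo query=$query"      # stand-in for a curl command line
    eval "$cmd"
}

# HARDENED: the query stays one argument and is never re-parsed. The real
# call would be: curl --get --data-urlencode "q=$query" "$VALYU_ENDPOINT"
safe_search() {
    local query="$1"
    printf 'query=%s\n' "$query"
}

# Setup reads the key from stdin and stores it in a 0600 file, so it never
# appears in ps output or in shell history as an argument.
setup_api_key() {
    local key_file="${VALYU_API_KEY_FILE:-${HOME:-.}/.config/valyu/api_key}"
    mkdir -p "$(dirname "$key_file")"
    ( umask 077; tr -d '\n' > "$key_file" )
    chmod 600 "$key_file"
}

# Load the key from the environment or the key file; refuse a file that other
# users can read, since that is the exposure the audit warns about.
load_api_key() {
    local key_file="${VALYU_API_KEY_FILE:-${HOME:-.}/.config/valyu/api_key}"
    if [ -n "${VALYU_API_KEY:-}" ]; then
        printf '%s' "$VALYU_API_KEY"
        return 0
    fi
    [ -f "$key_file" ] || { echo "no API key configured" >&2; return 1; }
    local mode
    mode=$(stat -c '%a' "$key_file" 2>/dev/null || stat -f '%Lp' "$key_file")
    case "$mode" in
        600|400) ;;
        *) echo "refusing key file with mode $mode (expected 600)" >&2; return 1 ;;
    esac
    tr -d '\n' < "$key_file"
}

# Usage after sourcing this file:
#   printf '%s\n' "$KEY" | setup_api_key     # key via stdin, not argv
#   safe_search "aspirin interactions"
```

The check that matters for the first finding is whether user text ever reaches eval, sh -c, or an unquoted expansion; for the second, run ps -o args while the setup command executes and confirm the key is absent from the listing.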
Audit Metadata