tooluniverse-admet-prediction

Pass

Audited by Gen Agent Trust Hub on May 27, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-supplied drug names and SMILES strings, creating a potential surface for indirect prompt injection if malicious instructions are embedded in these identifiers. However, this is a standard ingestion point for the intended scientific workflow.\n
  • Ingestion points: SKILL.md (PHASE 1: Compound Identity Resolution)\n
  • Boundary markers: Absent in instructions. The instructions do not specify using delimiters or 'ignore embedded instructions' warnings for the compound identifiers.\n
  • Capability inventory: Bash (shell access), Python (script execution), multiple ToolUniverse API tools for chemical databases.\n
  • Sanitization: Relies on identity resolution via PubChem tools before processing.\n- [COMMAND_EXECUTION]: The skill instructs the agent to use the Bash tool to execute Python code for processing retrieved data and generating statistics, which is a standard analytical capability for scientific agents.
Audit Metadata
Risk Level
SAFE
Analyzed
May 27, 2026, 02:48 PM
Security Audit — agent-trust-hub — tooluniverse-admet-prediction