tooluniverse-chemical-compound-retrieval

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it ingests untrusted chemical structure data which is then used in executable shell commands.\n
  • Ingestion points: User-supplied chemical structure strings (SMILES) as described in the 'SMILES Verification' section of SKILL.md.\n
  • Boundary markers: Absent. The instructions direct the agent to interpolate the user-provided string directly into a shell command template without delimiters or instructions to ignore embedded commands.\n
  • Capability inventory: The skill requires a subprocess call to execute a local Python script (python3 src/tooluniverse/tools/smiles_verifier.py) to verify chemical identity.\n
  • Sanitization: Absent. There are no instructions to sanitize or escape the SMILES string before it is passed to the shell, creating a potential command injection vector.\n- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local script (src/tooluniverse/tools/smiles_verifier.py) using python3 with user-controlled arguments. The lack of input validation for the --smiles argument represents a security risk where a malicious user could provide a crafted string containing shell metacharacters to execute arbitrary commands.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 05:26 AM
Security Audit — agent-trust-hub — tooluniverse-chemical-compound-retrieval