tooluniverse-chemical-safety

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFE
Findings flagged: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the tooluniverse[ml] Python package. This dependency is associated with the skill's specific ecosystem and primary developer context.
  • [COMMAND_EXECUTION]: The instructions direct the agent to 'write and run Python code via Bash' to perform complex statistical analysis and data visualization. This is a legitimate functional requirement for processing scientific datasets from sources like PubChem and CTD.
  • [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection, as it ingests untrusted data (chemical names, SMILES strings) and processes it through dynamic code execution and external tool calls.
    ◦ Ingestion points: User-provided chemical names, SMILES strings, and identifiers in SKILL.md and phase-details.md.
    ◦ Boundary markers: The skill lacks explicit instructions for using delimiters or 'ignore embedded instructions' warnings when handling user data.
    ◦ Capability inventory: The skill can perform shell command execution, file writes, and network operations via its toolset (STITCH, PubChem, etc.) and direct Python execution.
    ◦ Sanitization: There are no specific instructions for sanitizing or validating user input before its inclusion in dynamically generated scripts.
Audit Metadata
Risk Level: SAFE
Analyzed: May 29, 2026, 05:26 AM
Security Audit — agent-trust-hub — tooluniverse-chemical-safety