tooluniverse-chemical-safety
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the tooluniverse[ml] Python package. This dependency is associated with the skill's specific ecosystem and primary developer context.
- [COMMAND_EXECUTION]: The instructions direct the agent to 'write and run Python code via Bash' to perform complex statistical analysis and data visualization. This is a legitimate functional requirement for processing scientific datasets from sources like PubChem and CTD.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it ingests untrusted data (chemical names, SMILES strings) and processes it through dynamic code execution and external tool calls.
  - Ingestion points: User-provided chemical names, SMILES strings, and identifiers in SKILL.md and phase-details.md.
  - Boundary markers: The skill lacks explicit instructions for using delimiters or 'ignore embedded instructions' warnings when handling user data.
  - Capability inventory: The skill can perform shell command execution, file writes, and network operations via its toolset (STITCH, PubChem, etc.) and direct Python execution.
  - Sanitization: There are no specific instructions for sanitizing or validating user input before its inclusion in dynamically generated scripts.
Audit Metadata