tooluniverse-metabolomics-pathway
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to 'write and run Python code via Bash' for statistical analysis and data processing. This involves the dynamic generation and execution of scripts within the agent's environment.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to the following evidence chain:
  - Ingestion points: Untrusted data is retrieved from multiple external biological databases, including PubChem, KEGG, CTD, and PubMed, via tools like Metabolite_search and PubMed_search_articles.
  - Boundary markers: The instructions do not define specific delimiters or instructions to ignore potential commands embedded in the retrieved scientific data.
  - Capability inventory: The agent has the capability to execute shell commands and Python scripts ("COMPUTE, DON'T DESCRIBE").
  - Sanitization: There are no documented procedures for sanitizing or validating the content returned from external APIs before it is used in computations or further prompts.
Audit Metadata