tooluniverse-small-molecule-discovery
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process chemical identifiers and SMILES strings from users and external tools. This ingestion of untrusted data represents a surface for indirect prompt injection.\n
- Ingestion points: Compound names, SMILES strings, and assay data are processed across all phases in SKILL.md.\n
- Boundary markers: Absent. The instructions do not define delimiters or provide guidance for the agent to ignore instructions embedded within chemical data strings.\n
- Capability inventory: The agent is instructed to write and execute Python scripts via a Bash shell for data processing (SKILL.md).\n
- Sanitization: Absent. No validation or escaping of external chemical data is required before it is used in tool calls or analysis scripts.\n- [COMMAND_EXECUTION]: The skill contains a 'COMPUTE, DON'T DESCRIBE' section that explicitly directs the agent to generate and execute Python code using a Bash shell. While intended for legitimate data analysis and visualization using pandas and scipy, this provides a powerful capability that could be targeted via prompt injection.\n- [EXTERNAL_DOWNLOADS]: The documentation mentions the installation of the 'tooluniverse[ml]' package via pip to enable machine-learning-based ADMET predictions. This is a standard dependency for the skill's scientific functionality.
Audit Metadata