matchms
Warn
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Support for Python pickle deserialization. The functions load_from_pickle and save_as_pickle (documented in references/importing_exporting.md) allow storing and loading spectral data in a format known to be insecure. Loading maliciously crafted pickle files can lead to arbitrary code execution.
- [EXTERNAL_DOWNLOADS]: Fetches chemical identifiers and annotations from PubChem (National Library of Medicine) for compound identification and retrieves mass spectra via Universal Spectrum Identifiers (USI) from the GNPS (Global Natural Products Social Molecular Networking) repository. These are well-known scientific services.
- [EXTERNAL_DOWNLOADS]: Installs the matchms library and its dependencies from official package registries.
- [PROMPT_INJECTION]: Potential surface for Indirect Prompt Injection through the ingestion of spectral data files (.mgf, .mzML, .msp, .json). These files contain metadata fields like compound names and annotations that are processed by the agent.
  - Ingestion points: load_from_mgf, load_from_mzml, load_from_msp, and load_from_json in references/importing_exporting.md.
  - Boundary markers: No delimiters or ignore-embedded-instructions warnings are used in the provided examples.
  - Capability inventory: Spectral similarity scoring and file exporting; no direct shell or network exfiltration capabilities were identified in the skill's own code.
  - Sanitization: No explicit validation or escaping of ingested metadata is described.
Audit Metadata