molfeat
Warn
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The code examples in `SKILL.md` and `references/examples.md` demonstrate the use of `pickle.load()` for caching molecular embeddings. The `pickle` module is known for unsafe deserialization, where loading a maliciously crafted file can result in the execution of arbitrary code on the host system.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) due to its core function of processing external data.
  - Ingestion points: Untrusted molecular data in the form of SMILES strings are ingested into `MoleculeTransformer` and `PretrainedMolTransformer` instances across all referenced code examples.
  - Boundary markers: There are no instructions or delimiters provided to the agent to treat the ingested SMILES data as untrusted or to ignore any potential embedded instructions.
  - Capability inventory: The skill utilizes parallel processing via `n_jobs` (invoking subprocesses/multiprocessing), performs file system writes via `to_state_yaml_file`, and performs network-based model loading through its integration with HuggingFace and other repositories.
  - Sanitization: While the skill describes chemical standardization and salt removal using `datamol`, these processes are intended for data quality and do not sanitize against adversarial prompt injection techniques.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the `molfeat` library and various optional extras (such as `dgl`, `graphormer`, and `transformer`) from the PyPI package registry. It also references official project documentation and repositories hosted on GitHub and datamol.io.
Audit Metadata