
rdkit

Warn

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: MEDIUM
Tags: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill documentation suggests using the Python pickle module for performance optimization when handling molecular datasets.
      • Evidence: In SKILL.md, the 'Performance Optimization' section provides a code snippet using pickle.dump() and pickle.load() to save and load molecules.
      • Risk: The pickle module is not secure. Maliciously constructed data can cause arbitrary code execution during the unpickling process. This is particularly risky if users are encouraged to load pre-pickled datasets from external or untrusted sources.
  • [COMMAND_EXECUTION]: The provided Python scripts perform file system operations based on command-line arguments.
      • Evidence: scripts/molecular_properties.py, scripts/similarity_search.py, and scripts/substructure_filter.py utilize the argparse and pathlib modules to accept user-provided file paths for reading and writing molecular data (SDF, SMILES, CSV).
      • Risk: While standard for a data processing toolkit, these scripts allow the agent to read from and write to the local file system. Users should ensure that input paths are restricted to safe directories.
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions for installing the necessary chemical informatics libraries from well-known package registries.
      • Evidence: references/api_reference.md contains installation commands: conda install -c conda-forge rdkit and pip install rdkit-pypi.
      • Note: These references target official repositories for the RDKit project and are standard practice for setting up the required environment.
  • [SAFE]: The skill processes external molecular data formats, which represent a potential surface for indirect prompt injection.
      • Ingestion points: File reading operations in all three utility scripts (SDMolSupplier, SmilesMolSupplier).
      • Boundary markers: Absent; data is ingested directly into RDKit's internal C++-backed molecule objects.
      • Capability inventory: The scripts are limited to file I/O and terminal output; they do not contain network requests or subprocess execution capabilities.
      • Sanitization: The RDKit library performs strict chemical validation and sanitization (e.g., Chem.SanitizeMol) on all imported molecular structures, which mitigates the risk of the agent interpreting the data as instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 14, 2026, 09:23 AM