matchms

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation and implementation support Python serialization via the pickle module (e.g., load_from_pickle and save_as_pickle in references/importing_exporting.md). This poses a risk because pickle is not a safe deserialization format: loading a pickle file from an untrusted source can execute arbitrary code.
  • [DATA_EXFILTRATION]: Outbound network connections are initiated to the PubChem API to retrieve chemical metadata. Evidence found in the derive_annotation_from_compound_name filter description in references/filtering.md.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from multiple external file formats, creating a surface for indirect prompt injection. Ingestion points: load_from_mgf, load_from_mzml, load_from_msp, load_from_json, and load_from_usi in references/importing_exporting.md. Capability inventory: file system read/write, network requests (PubChem), and Python deserialization (pickle). Boundary markers: absent. Sanitization: none mentioned for processing file content or USI strings.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 10:49 PM