molfeat

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill's documentation and code examples (found in SKILL.md and references/examples.md) demonstrate the use of pickle.load() for caching molecular embeddings. The pickle module is known to be vulnerable to arbitrary code execution because it can deserialize objects that trigger command execution. Providing this as a recommended pattern without explicit security warnings creates a vulnerability surface if users load cache files from untrusted or external sources.
    • Evidence: embeddings = pickle.load(f) in SKILL.md and references/examples.md.
  • [EXTERNAL_DOWNLOADS]: The skill automates the discovery and downloading of pre-trained machine learning models and chemical embeddings from external hubs such as HuggingFace, DGL-LifeSci, and Microsoft Research repositories. These are treated as well-known technology services and are documented as part of the core featurization workflow.
    • Evidence: Documented use of PretrainedMolTransformer and ModelStore for loading models like ChemBERTa-77M-MLM and Graphormer-pcqm4mv2 in references/api_reference.md and references/available_featurizers.md.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 10:50 PM