rdkit

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation in SKILL.md recommends using the Python 'pickle' module for 'fast loading' of molecular data. Python's 'pickle' module is insecure against maliciously constructed data and can result in arbitrary code execution during deserialization. Users should never unpickle data from untrusted sources.
  • [EXTERNAL_DOWNLOADS]: The skill documentation (references/api_reference.md) instructs users to install the 'rdkit' and 'rdkit-pypi' packages via standard package managers like pip and conda. These are well-known scientific libraries from established repositories.
  • [COMMAND_EXECUTION]: The skill includes several Python scripts (molecular_properties.py, similarity_search.py, substructure_filter.py) that use the 'argparse' module to process command-line arguments and interact with the local file system to read and write chemistry files (SDF, SMILES, CSV).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted external data in formats like SMILES, SMARTS, and SDF (in SKILL.md and multiple scripts).
      • Ingestion points: Molecular structure strings and data files parsed by Chem.MolFromSmiles, Chem.SDMolSupplier, and related I/O functions.
      • Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores natural language instructions that might be embedded in molecular properties or atom labels.
      • Capability inventory: The skill has the capability to read/write files and execute logic based on the content of these molecules.
      • Sanitization: RDKit performs chemical validation (sanitization) but does not validate or filter for natural language instruction patterns within the data fields.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 10:50 PM
Security Audit — agent-trust-hub — rdkit