rdkit
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The 'SKILL.md' file recommends using the 'pickle' module for caching molecular data to improve performance. The 'pickle.load()' function is unsafe on untrusted input: deserializing a malicious or tampered pickle file can execute arbitrary code in the loading process. Evidence: 'SKILL.md' states 'Pickle molecules for fast loading' and provides a code snippet using 'pickle.load(f)'.
- [PROMPT_INJECTION]: The skill's scripts ingest untrusted chemical data (SMILES strings, SDF files) and perform operations such as file writing, creating a surface for indirect prompt injection attacks in which malicious data could influence agent behavior.
  - Ingestion points: 'scripts/molecular_properties.py', 'scripts/similarity_search.py', 'scripts/substructure_filter.py'.
  - Boundary markers: No delimiters or 'ignore embedded instructions' warnings are implemented for processed data.
  - Capability inventory: The scripts include capabilities for reading/writing local files ('SDWriter', 'csv.DictWriter') and performing complex molecular calculations.
  - Sanitization: No sanitization or validation of the input data is performed beyond standard chemical structure parsing.
Audit Metadata