pymol
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill functions by generating Python scripts and executing them using the
uv runcommand. This is the primary method for interacting with the PyMOL API to perform molecular rendering and analysis. - [EXTERNAL_DOWNLOADS]: The skill relies on the
uvtool to manage dependencies, specifically downloading thepymol-open-source-whlpackage from the public PyPI registry. This is a standard and expected dependency for the intended use case. - [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect injection as it ingests untrusted molecular structure files from the user's project directory. While the skill includes instructions to verify file existence and atom counts after loading, there are no specific boundary markers or sanitization steps for the file content itself. However, the capabilities are aligned with the primary purpose of the skill.
Audit Metadata