The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses subprocess.run to call the obabel (Open Babel) command-line interface for file conversion tasks. These calls are implemented using argument lists rather than shell strings, which is a secure practice that prevents shell injection. This behavior is essential to the skill's primary purpose.
[INDIRECT_PROMPT_INJECTION]: The script parses metadata, such as molecule titles, directly from chemical files provided by the user. If an attacker crafts a file with embedded instructions in the metadata fields, it could potentially influence the agent if it subsequently processes the file content or conversion logs. This represents a known indirect prompt injection surface common to file-processing utilities.
Ingestion points: scripts/convert_chemical.py (via _read_xyz, _read_sdf, and _read_gaussian methods).
Boundary markers: None detected.
Capability inventory: Local file read/write and execution of the obabel utility.
Sanitization: The script does not sanitize molecular metadata extracted from input files before writing them to output files or displaying them.

chemical-file-converter