smiles-to-iupac

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/smiles_to_iupac.py invokes the stout command-line utility via subprocess.run to perform local chemical name translation. This operation is constrained to its specific task and does not use shell invocation.
  • [EXTERNAL_DOWNLOADS]: The skill connects to official scientific databases, including the National Center for Biotechnology Information (PubChem) and the National Cancer Institute (CADD), to fetch chemical names via HTTPS.
  • [PROMPT_INJECTION]: The skill processes external SMILES strings, which constitutes an indirect prompt injection surface. Evidence chain: (1) Ingestion point: scripts/smiles_to_iupac.py via command-line arguments. (2) Boundary markers: Absent. (3) Capability inventory: Subprocess execution and network requests in scripts/smiles_to_iupac.py. (4) Sanitization: The input is validated using rdkit.Chem.MolFromSmiles, which limits the input to valid chemical structures and prevents execution of arbitrary string payloads.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 06:45 AM