datamol-cheminformatics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's core I/O and workflows explicitly accept and ingest remote files from untrusted sources (e.g., "All I/O functions accept S3, GCS, and HTTP paths directly" and examples like dm.read_sdf("s3://bucket/compounds.sdf") / HTTP via fsspec), and those external datasets are parsed and used to drive downstream decisions (standardization, filtering, clustering, hits selection), so third‑party content can materially influence agent actions.