matchms-spectral-matching

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill promotes and uses the load_from_pickle and save_as_pickle functions from the matchms library. Python's pickle module is insecure for untrusted input because deserialization can execute arbitrary code. If an agent loads a crafted pickle file from an untrusted source, this can lead to unauthorized code execution.
    • Evidence: `from matchms.importing import load_from_pickle` and `spectra = list(load_from_pickle("spectra.pickle"))` in SKILL.md.
  • [PROMPT_INJECTION]: The skill ingests data from external formats (JSON, MGF, MSP, mzML) that often carry rich metadata. This entry point has no explicit boundary markers or sanitization, so malicious instructions embedded in file metadata could reach and influence the agent's logic (indirect prompt injection).
    • Ingestion points: load_from_json, load_from_mgf, load_from_mzml, load_from_msp (SKILL.md).
    • Boundary markers: absent.
    • Capability inventory: file system writes via save_as_mgf, save_as_msp, save_as_json, and save_as_pickle (SKILL.md).
    • Sanitization: no security-focused validation or filtering of external metadata strings is mentioned.
  • [EXTERNAL_DOWNLOADS]: The skill includes functions that fetch chemical information and annotations from external databases such as PubChem. This is standard, well-documented behavior for chemical identification tasks that use well-known scientific services.
    • Evidence: derive_annotation_from_compound_name in references/filtering_catalog.md (fetches SMILES/InChI from PubChem).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 02:33 AM