molfeat
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides shell commands for installing the molfeat library and its optional dependencies (e.g., molfeat[all], molfeat[transformer]) using uv pip install.
- [EXTERNAL_DOWNLOADS]: The skill uses PretrainedMolTransformer and the ModelStore class to fetch and load pre-trained molecular models and embeddings from remote repositories at runtime.
- [REMOTE_CODE_EXECUTION]: The documentation includes a code example for caching embeddings with Python's pickle.load() and pickle.dump(). Unpickling executes whatever the file tells it to (any importable callable can be invoked via __reduce__), so loading a cache file from an untrusted source, or one an attacker could overwrite on disk, can lead to arbitrary code execution in the user's or the agent's process.
- [PROMPT_INJECTION]: The skill takes untrusted molecular data (SMILES strings) as featurization input. This creates an indirect prompt injection surface: instructions embedded in molecular metadata or sequences could influence downstream agent decisions if featurizer output or error messages are re-incorporated into the LLM context without sanitization.
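The pickle finding above is concrete enough to demonstrate. The following is an added example written for this audit, not code from the molfeat skill or the molfeat project. It builds a constructed malicious cache file whose payload only flips a flag (a real payload would run os.system), shows that the skill's pickle.load() pattern executes it, and then shows two safer cache designs: a restricted Unpickler that refuses to resolve any global (plain floats, lists and dicts never need one), and a pickle-free JSON cache bound to an HMAC key so a swapped file is rejected. The SMILES keys, the embedding values and CACHE_KEY are placeholders; the names run_demo, load_cache_unsafe, load_cache_restricted, save_cache_json and load_cache_json are this example's own.

```python
"""Added example (not molfeat's code): why a pickle-based embedding cache is
dangerous, and two safer ways to cache featurizer output. Stdlib only."""
import hashlib
import hmac
import json
import os
import pickle
import tempfile

# Constructed stand-in for the side effect of a malicious pickle. A real
# payload would call os.system or subprocess instead of flipping a flag.
PAYLOAD_STATE = {"triggered": False}


def run_payload():
    PAYLOAD_STATE["triggered"] = True
    return "attacker code ran"


class MaliciousCache:
    """Object whose pickle, when loaded, calls run_payload() (constructed)."""

    def __reduce__(self):
        return (run_payload, ())


def write_malicious_cache(path):
    with open(path, "wb") as f:
        pickle.dump(MaliciousCache(), f)


def load_cache_unsafe(path):
    """Mirrors the skill's pattern: pickle.load on whatever file is there."""
    with open(path, "rb") as f:
        return pickle.load(f)


class EmbeddingUnpickler(pickle.Unpickler):
    """Refuses every global. Floats, lists and dicts need none, so an
    embedding cache never has a legitimate reason to resolve a callable."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def load_cache_restricted(path):
    with open(path, "rb") as f:
        return EmbeddingUnpickler(f).load()


# Safer still: no pickle at all. Store JSON and bind it to a key so a
# swapped or tampered cache file is rejected. CACHE_KEY is a placeholder;
# load it from a secret store in practice.
CACHE_KEY = b"replace-with-a-real-secret"


def save_cache_json(path, embeddings, key=CACHE_KEY):
    body = json.dumps(embeddings, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    with open(path, "wb") as f:
        f.write(tag.encode() + b"\n" + body)


def load_cache_json(path, key=CACHE_KEY):
    with open(path, "rb") as f:
        tag, _, body = f.read().partition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("cache file failed integrity check")
    return json.loads(body)


def run_demo():
    """Exercise all three loaders on constructed inputs; returns what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        bad = os.path.join(tmp, "embeddings.pkl")
        write_malicious_cache(bad)

        PAYLOAD_STATE["triggered"] = False
        results["unsafe_returned"] = load_cache_unsafe(bad)
        results["unsafe_triggered"] = PAYLOAD_STATE["triggered"]

        PAYLOAD_STATE["triggered"] = False
        try:
            load_cache_restricted(bad)
            results["restricted_refused"] = False
        except pickle.UnpicklingError:
            results["restricted_refused"] = True
        results["restricted_triggered"] = PAYLOAD_STATE["triggered"]

        good = os.path.join(tmp, "embeddings.json")
        # Constructed sample: SMILES -> embedding vector.
        embeddings = {"CCO": [0.1, 0.2, 0.3], "c1ccccc1": [0.4, 0.5, 0.6]}
        save_cache_json(good, embeddings)
        results["json_roundtrip"] = load_cache_json(good) == embeddings

        with open(good, "ab") as f:
            f.write(b" ")  # tamper with a single byte
        try:
            load_cache_json(good)
            results["json_tamper_detected"] = False
        except ValueError:
            results["json_tamper_detected"] = True
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The restricted Unpickler is the smallest change to the skill's existing pattern, but it still parses attacker-controlled bytes with the pickle machinery; the JSON-plus-HMAC cache removes that parser entirely and also catches a cache file that was silently replaced rather than crafted. Neither protects against a cache written by already-compromised code, which is why the key should not live next to the cache.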
Audit Metadata