matchms
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUM
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [DYNAMIC_EXECUTION]: The skill promotes the use of load_from_pickle and save_as_pickle for handling preprocessed spectra. The Python pickle module is insecure because it can execute arbitrary code during the deserialization of data. This poses a risk if the agent or user loads a malicious pickle file provided by an untrusted source.
- [EXTERNAL_DOWNLOADS]: The skill utilizes external scientific services for data retrieval and annotation. The derive_annotation_from_compound_name filter fetches chemical identifiers from PubChem, and the load_from_usi function retrieves spectral data from GNPS and other Universal Spectrum Identifier repositories. These are well-known scientific services.
- [DATA_EXFILTRATION]: The skill includes several exporting functions such as save_as_mgf, save_as_msp, and save_as_json. These functions allow the agent to write processed spectral data and metadata to the local file system, which could be misused to write data to unauthorized locations.
- [INDIRECT_PROMPT_INJECTION]: The skill processes complex, externally-sourced spectral data which is then used to derive metadata and chemical annotations.
  - Ingestion points: Data is ingested from multiple file formats (mzML, MGF, MSP, JSON) and remote USI strings via matchms.importing.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded content are used during data ingestion.
  - Capability inventory: The skill possesses file-write capabilities through the matchms.exporting module and network access via chemical annotation filters.
  - Sanitization: Metadata harmonization filters are present, but they are designed for data standardization rather than security sanitization against malicious inputs.
Audit Metadata