alphafold
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Remote Code Execution] (MEDIUM): The file
SKILL.mdprovides a Python code snippet for extracting metrics that usespickle.load(). Pickle is insecure because it can execute arbitrary code during the deserialization of tampered or malicious files.\n- [External Downloads] (MEDIUM): The fileSKILL.mdinstructs the user to clone the AlphaFold repository fromhttps://github.com/deepmind/alphafold.git. Since thedeepmindorganization is not in the defined trusted source list, this is flagged as an external code download concern.\n- [Command Execution] (LOW): The filereferences/multimer.mdcontains a bash script for batch processing that incorporates file paths directly into shell commands. This pattern can be vulnerable to command injection if filenames contain shell metacharacters and are not properly sanitized.
Audit Metadata