rdkit
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard implementation of the RDKit library for scientific computing. All external links and package references point to official and reputable repositories.
- [EXTERNAL_DOWNLOADS]: The setup instructions reference the installation of the RDKit library via official package registries such as pip (rdkit-pypi) and conda-forge.
- [DATA_EXFILTRATION]: The skill includes functionality to read and write molecular data files (e.g., SDF, MOL) through standard RDKit IO modules. This behavior is necessary for the intended purpose of chemical data analysis and does not involve sensitive system paths or network exfiltration.
- [PROMPT_INJECTION]: The skill's ingestion of molecular data (SMILES strings and SDF files) represents a potential surface for indirect prompt injection if an agent interprets non-chemical metadata properties as instructions.
  - Ingestion points: process_sdf in SKILL.md, MolFromSmiles and MolFromMolFile in api-reference.md.
  - Boundary markers: None specified in the provided code examples.
  - Capability inventory: File system read/write operations for molecular data processing.
  - Sanitization: RDKit performs internal chemical structure validation (sanitization) but does not filter text-based metadata associated with chemical records.