matchms
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill documentation lists 'Pickle (Python serialization)' as a supported format for importing mass spectrometry data. Loading pickle files from untrusted sources allows for arbitrary code execution because the deserialization process can be manipulated to run system commands.
- [Indirect Prompt Injection] (LOW): The skill ingests data from several external file formats (mzML, MGF, MSP, JSON) which contain metadata fields that are processed by the agent.
- Ingestion points: Data loading functions such as
load_from_mgfandload_from_jsondescribed in the 'Importing' section. - Boundary markers: None identified in the provided documentation or code snippets to separate data from instructions.
- Capability inventory: The skill possesses the ability to read and write files and perform complex metadata transformations.
- Sanitization: The skill performs metadata harmonization (e.g., lowercase conversion) but does not explicitly sanitize for hidden natural language instructions.
Audit Metadata