pymatgen
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The script 'phase_diagram_generator.py' performs network requests to 'next-gen.materialsproject.org'. While this is a reputable scientific resource, the domain is not on the pre-approved whitelist for network operations.\n- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8). The structure analysis and conversion tools ingest external, potentially untrusted data files (CIF, POSCAR, JSON, YAML) and output the parsed data (formulas, chemical systems) to the agent's context. A malicious file could contain prompt injection text in metadata fields designed to influence the agent's subsequent actions.\n
- Ingestion points: 'structure_analyzer.py' and 'structure_converter.py' via 'Structure.from_file'.\n
- Boundary markers: None present; data is printed directly to stdout.\n
- Capability inventory: Network access via MPRester and file system write access via '--output' and '--output-dir' arguments.\n
- Sanitization: No sanitization or escaping of ingested material data (e.g., formulas, site labels) before display.
Audit Metadata