rdkit
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The scripts `molecular_properties.py` and `similarity_search.py` ingest untrusted external data from chemical files (SDF, SMILES), which often contain natural language metadata.
  - Ingestion points: `process_file` in `molecular_properties.py` and `load_molecules` in `similarity_search.py` extract molecule names and properties using `mol.GetProp('_Name')`.
  - Boundary markers: None present. Extracted data is printed directly to console or written to CSV.
  - Capability inventory: File system read/write access via the RDKit supplier and CSV writer classes.
  - Sanitization: None. Maliciously crafted molecule names or property values in a database file could be used to provide instructions to the agent when it processes the search results or property summaries.
- Data Exposure (INFO): The scripts allow reading from local file paths provided as arguments. While RDKit suppliers only parse specific chemical formats, an agent could be manipulated into pointing the tool at sensitive directories, though successful data extraction would be limited by the chemistry-specific parsers.