datamol

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • Data Exposure & Exfiltration (LOW): The skill documentation in references/io_module.md and references/descriptors_viz.md highlights support for remote file protocols including S3, GCS, Azure, and HTTPS via the fsspec library. Functions like dm.save_df, dm.to_sdf, and dm.viz.to_image (using the outfile parameter) can be leveraged to transmit sensitive molecular data to external servers.
  • Indirect Prompt Injection (LOW): The library's core functionality involves ingesting complex data from external molecular files, creating a significant attack surface.
      • Ingestion points: dm.read_sdf, dm.read_csv, dm.read_smi, and dm.open_df can load data from potentially attacker-controlled remote or local sources.
      • Boundary markers: Absent. The documentation does not suggest the use of delimiters or 'ignore embedded instructions' warnings for the agent when processing these files.
      • Capability inventory: The library has broad network and filesystem write capabilities via its I/O module.
      • Sanitization: Absent. While chemical 'sanitization' is mentioned, it is limited to molecular structure validity and does not filter natural language instructions.

Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:21 PM