matchms
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Dynamic Execution (MEDIUM): The skill documentation explicitly lists 'Pickle (Python serialization)' as a supported format for importing and exporting spectra. Since Python's pickle module can execute arbitrary code while deserializing, loading a malicious pickle file can lead to arbitrary code execution.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installs the 'matchms' package from an unverified external source (PyPI/uv). While it is a known scientific library, it does not fall under the defined list of trusted organizations.
- Indirect Prompt Injection (LOW): The skill ingests untrusted scientific data from various file formats.
  * Ingestion points: The functions load_from_mgf, load_from_mzml, load_from_msp, and load_from_json in SKILL.md.
  * Boundary markers: Absent; there are no instructions provided to the agent to treat data content as untrusted or to ignore embedded commands.
  * Capability inventory: The skill has the capability to read from and write to the local filesystem and process complex data structures.
  * Sanitization: Absent; no validation or sanitization of metadata strings is mentioned before they are processed by the agent.
Audit Metadata