
matchms

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Dynamic Execution] (MEDIUM): The skill documentation explicitly lists 'Pickle (Python serialization)' as a supported format for importing spectra.
    • Evidence: SKILL.md under 'Supported formats' lists 'Pickle (Python serialization)'.
    • Risk: Python's pickle module is insecure against erroneous or maliciously constructed data. Loading a pickle file from an untrusted source can lead to arbitrary code execution.
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process data from external files (mzML, MGF, MSP, JSON), which may contain attacker-controlled metadata.
    • Ingestion points: load_from_mgf, load_from_mzml, load_from_msp, and load_from_json in SKILL.md.
    • Boundary markers: Absent. The library usage examples do not show delimiters or instructions to ignore embedded content within scientific data files.
    • Capability inventory: The skill allows file system read/write operations (load_from_*, save_as_*).
    • Sanitization: No mention of metadata sanitization or validation of internal string fields that might be used by an LLM in downstream tasks.
  • [Unverifiable Dependencies] (LOW): The skill instructs the user to install external Python packages via pip.
    • Evidence: pip install matchms and pip install matchms[chemistry] in SKILL.md.
    • Status: While matchms is a legitimate scientific library, the use of external dependencies introduces a minor risk of supply chain issues if they are not version-locked or are installed from untrusted mirrors.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:10 PM