skills/jimmc414/kosmos/datamol/Gen Agent Trust Hub

datamol

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill supports fetching molecular datasets from remote locations via HTTP/HTTPS and cloud storage protocols.
      • Evidence: Examples in SKILL.md and references/io_module.md show the use of dm.read_csv("https://example.com/data.csv") and dm.read_sdf("s3://bucket/compounds.sdf").
  • [DATA_EXFILTRATION]: The library includes functionality to write processed molecular data directly to remote cloud storage buckets (S3, GCS).
      • Evidence: Code snippets such as dm.to_sdf(mols, "s3://bucket/output.sdf") in SKILL.md and references/io_module.md demonstrate the capability to transmit data to external infrastructure.
  • [PROMPT_INJECTION]: The skill processes various untrusted molecular data formats (SDF, SMILES, CSV), representing an indirect prompt injection surface.
      • Ingestion points: Data ingestion occurs through dm.read_sdf, dm.read_csv, dm.read_excel, and dm.to_mol across all referenced documentation files.
      • Boundary markers: The skill documentation does not provide specific instructions for using boundary markers or delimiters to isolate parsed data from the agent's internal instruction context.
      • Capability inventory: The skill has access to the local file system (read/write), network operations via fsspec, and parallelized CPU execution.
      • Sanitization: While functions like dm.sanitize_mol are used to ensure the chemical validity of molecules, they do not perform sanitization of metadata or property fields for malicious natural language instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 04:45 AM