matchms
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- Dynamic Execution (MEDIUM): The skill explicitly supports the Python 'Pickle' serialization format for importing and exporting mass spectrometry data. Python's pickle module is inherently insecure and can lead to arbitrary code execution (ACE) during deserialization. If an attacker provides a malicious .pickle or .pkl file, loading it via this skill would compromise the environment.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from various external file formats (mzML, MGF, MSP, JSON) and extracts metadata from them. There is a risk that maliciously crafted metadata inside these files could influence the agent's behavior.
- Ingestion points:
load_from_mgf,load_from_mzml,load_from_msp, andload_from_jsoninSKILL.md. - Boundary markers: None identified in the provided documentation.
- Capability inventory: File system read/write, data processing, and visualization (
plot). - Sanitization: No mention of metadata sanitization or validation against structural integrity.
- Unverifiable Dependencies (LOW): The skill requires the installation of
matchmsandmatchms[chemistry]. While these are legitimate scientific packages, they are installed viauv pip install, which is a standard package management operation.
Audit Metadata