datamol
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill implements remote file I/O capabilities through the
fsspeclibrary, allowing users to read molecular datasets directly from Amazon S3, Google Cloud Storage, and web URLs (HTTP/HTTPS). This is a standard feature of thedatamolpackage designed for handling large-scale chemical data. - [DATA_EXFILTRATION]: The skill's I/O module supports writing molecules and DataFrames to remote cloud storage locations. While this allows data to be moved to external infrastructure, it is a documented and expected function for saving research outputs in distributed environments.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted external data files (SDF, CSV, Excel). If a data file contains instructions hidden in molecular metadata fields, it could potentially influence the agent's behavior during analysis.
- Ingestion points: Data enters the agent's context through functions such as
dm.read_sdf(),dm.read_csv(), anddm.open_df()as documented inreferences/io_module.md. - Boundary markers: The skill does not implement explicit delimiters or instructions to ignore natural language content within data fields.
- Capability inventory: The toolset includes significant capabilities such as writing to the local and remote file systems (
dm.to_sdf(),dm.to_xlsx()) and performing network operations via cloud storage protocols. - Sanitization: The library provides extensive chemical sanitization (
dm.sanitize_mol()) to ensure structural validity, but it does not filter or sanitize natural language instructions from data attributes.
Audit Metadata