diffdock
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references external resources for installation, including the official DiffDock GitHub repository (
gcorso/DiffDock) and its Docker Hub image (rbgcsail/diffdock). These are standard sources for the molecular docking software described in the skill's documentation. - [COMMAND_EXECUTION]: The skill facilitates the execution of docking tasks by invoking Python modules (e.g.,
python -m inference) and helper scripts (setup_check.py,analyze_results.py). These operations are necessary for the primary scientific function of the skill and operate on local data. - [PROMPT_INJECTION]: The skill processes untrusted external data such as SMILES strings, PDB files, and CSV batch files. This represents an indirect prompt injection surface where malicious inputs could theoretically influence the behavior of the underlying command-line tools. However, the skill includes a validation script (
prepare_batch_csv.py) that uses RDKit to verify SMILES formatting, providing a layer of input sanitization for scientific data.
Audit Metadata