Skills
skills/k-dense-ai/claude-scientific-skills/esm/Gen Agent Trust Hub

esm

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements local caching and process state recovery using pickle.load() in references/esm-c-api.md (class EmbeddingCache) and references/forge-api.md (classes CheckpointedBatchProcessor and ForgeCache). Deserializing data with pickle is inherently unsafe and can lead to arbitrary code execution if the data source is not trusted or has been compromised.
  • [EXTERNAL_DOWNLOADS]: The skill connects to EvolutionaryScale's Forge API at https://forge.evolutionaryscale.ai for model inference and provides instructions to install the esm and flash-attn Python packages. These connections target a well-known service and are necessary for the skill's primary function.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection by ingesting untrusted data. Ingestion Point: ESMProtein.from_pdb() in references/esm3-api.md and references/workflows.md. Boundary Markers: None. Capability Inventory: Forge API network calls, file writing (to_pdb, to_fasta), and pickle operations. Sanitization: None. This allows for potential instructions embedded in PDB metadata to influence the agent's behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 3, 2026, 08:47 PM