matchms

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Flags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides functionality to load and save data using the Python 'pickle' serialization format. Deserializing data from untrusted pickle files is a known security risk that can lead to arbitrary code execution.
  • [EXTERNAL_DOWNLOADS]: The skill documentation describes installing external Python libraries such as 'matchms' and 'rdkit'. It also includes functions like 'derive_annotation_from_compound_name' that interact with the PubChem API, a well-known scientific service, to retrieve chemical data.
  • [PROMPT_INJECTION]: The skill's ability to ingest and parse various mass spectrometry data formats (MGF, MSP, mzML, JSON, etc.) presents a surface for indirect prompt injection through parsed metadata.
      ◦ Ingestion points: Functions like 'load_from_mgf' and 'load_from_mzml' described in 'references/importing_exporting.md' ingest data from external files.
      ◦ Boundary markers: No specific delimiters or 'ignore' instructions are documented for separating ingested metadata from agent instructions.
      ◦ Capability inventory: The skill includes capabilities for file system access (read/write) and network requests to the PubChem API.
      ◦ Sanitization: The documentation does not specify sanitization procedures for metadata fields extracted from data files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 08:47 PM