molfeat
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides documentation and instructions for 'molfeat', a legitimate and widely-used open-source library for molecular featurization in cheminformatics. All external references point to official project domains and repositories.
- [NO_CODE]: The skill consists entirely of markdown files. It does not include any Python scripts, shell scripts, or other executable code that would run directly on the agent's host system.
- [EXTERNAL_DOWNLOADS]: The library provides built-in methods to download pre-trained model weights from well-known services, including Hugging Face and the DGL-LifeSci repository. These are documented as standard operations for accessing deep learning embeddings.
- [PROMPT_INJECTION]: The skill defines an interface for processing external molecular data (SMILES strings), which represents a theoretical ingestion surface for indirect prompt injection.
- Ingestion points: Untrusted chemical strings are passed to transformers as demonstrated in 'SKILL.md' and 'references/examples.md'.
- Boundary markers: Absent; the documentation does not explicitly instruct the model to disregard potential instructions hidden in molecular strings.
- Capability inventory: The library supports parallel processing via the 'n_jobs' parameter and network access for model loading.
- Sanitization: Standard molecular standardization via the 'datamol' library is recommended in the advanced usage examples.
Audit Metadata