Skills
skills/k-dense-ai/scientific-agent-skills/esm/Gen Agent Trust Hub

esm

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The reference documentation and workflow examples include Python code snippets for caching protein embeddings and checkpointing batch processing jobs that utilize the pickle module.
  • Evidence: In references/esm-c-api.md, references/forge-api.md, and references/workflows.md, classes such as EmbeddingCache, CheckpointedBatchProcessor, and ForgeCache use pickle.load() to deserialize data from local storage.
  • Risk: The pickle module is inherently unsafe for processing untrusted data; loading a malicious pickle file can lead to arbitrary code execution on the host system.
  • [COMMAND_EXECUTION]: The skill provides instructions for installing the toolkit and high-performance dependencies via the shell.
  • Evidence: SKILL.md contains installation commands uv pip install esm and uv pip install flash-attn.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external protein structure (PDB) files.
  • Ingestion points: SKILL.md and references/esm3-api.md document the use of ESMProtein.from_pdb() to load data from external files.
  • Boundary markers: There are no delimiters or instructions provided to the agent to treat the content of loaded PDB files as non-instructional data.
  • Capability inventory: The skill has the capability to execute shell commands (pip), perform network operations via the Forge API, and write files to the local system (to_pdb).
  • Sanitization: No sanitization or validation of the input file content is mentioned in the provided examples or documentation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 9, 2026, 10:12 PM