datamol
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [External Downloads] (MEDIUM): The datamol.io module supports fetching molecular data from remote URLs (HTTP/HTTPS) and cloud providers (S3, GCS, Azure) via fsspec. This allows an agent to download content from arbitrary external sources. Evidence: references/io_module.md mentions dm.read_sdf and dm.read_csv with remote path support.
- [Data Exposure & Exfiltration] (MEDIUM): The skill provides functions to write data to remote locations, which could be used to exfiltrate sensitive molecular information or local datasets to attacker-controlled cloud buckets. Evidence: references/io_module.md describes dm.to_sdf and dm.save_df with support for S3, GCS, and Azure protocols.
- [Prompt Injection] (MEDIUM): The skill possesses a significant indirect prompt injection surface as it ingests and processes external data files (SDF, CSV, Excel) from potentially untrusted sources. Without strict input validation or boundary markers, metadata within these files could influence agent behavior. Evidence: reference/io_module.md describes multiple ingestion points for external molecular data.
Audit Metadata