deepchem
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADS
Full Analysis
- [External Downloads] (LOW): Both scripts utilize the
deepchem.molnetmodule (e.g.,load_tox21,load_delaney), which automatically downloads datasets from DeepChem's AWS S3 infrastructure if they are not found locally. This is standard research behavior but involves unverified external downloads.\n- [Indirect Prompt Injection] (LOW): The scripts feature a data ingestion surface via the--dataCSV argument.\n - Ingestion points: Custom data is loaded through
dc.data.CSVLoaderin both scripts.\n - Boundary markers: Absent (typical for CSV processing scripts).\n
- Capability inventory: No high-risk capabilities such as arbitrary command execution, network exfiltration of local files, or code execution were identified.\n
- Sanitization: Input strings are parsed into chemical representations by the DeepChem library, minimizing the risk of instructions affecting control flow.\n- [Data Exposure & Exfiltration] (SAFE): No evidence of hardcoded credentials or unauthorized data exfiltration was found. The scripts operate on local files and trusted benchmark data sources.
Audit Metadata