The Agent Skills Directory

[Dynamic Execution] (MEDIUM): The skill documentation explicitly lists 'Pickle (Python serialization)' as a supported format for importing and exporting mass spectrometry data. In Python, pickle.load() is inherently unsafe as it can execute arbitrary code during the deserialization process. An attacker providing a malicious .pickle or .pkl file could achieve remote code execution (RCE) on the agent's host environment if the skill is used to process untrusted external data.
[Indirect Prompt Injection] (LOW): The skill is designed to ingest and process external scientific data formats (mzML, MGF, MSP, JSON). This creates an attack surface where malicious instructions could be embedded in metadata fields (e.g., compound names or comments). However, the skill primarily performs mathematical and structural analysis, reducing the likelihood of these instructions being interpreted as agent commands.
Ingestion points: load_from_mgf, load_from_mzml, load_from_msp, load_from_json in SKILL.md.
Boundary markers: Not explicitly defined in the prompt templates.
Capability inventory: Subprocess calls via uv pip install, file read/write operations for spectral data.
Sanitization: The skill includes extensive filtering and metadata harmonization (default_filters), which may provide some implicit sanitization of scientific fields.

matchms