diffdock
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file path access patterns were found. The scripts check for the existence of user-specified protein and ligand files as part of their intended validation logic.
- Dynamic Execution (SAFE): The
setup_check.pyscript uses the__import__function to verify that required libraries are installed. The package names are hardcoded in the script and do not come from external or untrusted sources. - Remote Code Execution (SAFE): The analyzed files do not contain logic for downloading and executing remote scripts. Documentation mentions that model weights may be downloaded upon first run, which is standard for deep learning tools.
- Indirect Prompt Injection (SAFE): Although the script
prepare_batch_csv.pyingests CSV data, the data is only used for structural validation and file existence checks. The script lacks capabilities for network communication or command execution that could be exploited via malicious data content.
Audit Metadata