matchms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill instructs the user to install the matchms library via pip. While matchms is a standard scientific package, it constitutes an unverifiable external dependency.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted spectrometry data files, creating a vulnerability surface. 1. Ingestion points: load_from_mgf, load_from_mzml, load_from_msp, and load_from_json in SKILL.md. 2. Boundary markers: None present. 3. Capability inventory: Local file read and write operations (save_as_mgf, save_as_json). 4. Sanitization: No validation or sanitization of spectral metadata or peak data is described.
- [Dynamic Execution] (LOW): The documentation explicitly mentions support for the Pickle serialization format. Using Pickle with data from untrusted sources is a known risk for arbitrary code execution, though the skill does not provide an implementation example.
Audit Metadata