target-based-lead-design

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script examples/basic_example.py uses the eval() function to parse output from an ADMET property prediction pipeline (SIDER task). If an attacker can influence the inputs to this pipeline—such as by providing a malicious PDB file or triggering a specific model response—they could potentially inject arbitrary Python code that gets executed during the parsing step. This is a significant safety concern as it creates a path from untrusted data to code execution.
  • [COMMAND_EXECUTION]: The script examples/basic_example.py uses subprocess.run() to invoke a secondary Python script for 3D visualization. Although the command arguments (file paths for molecules and proteins) are constructed within the script's local environment, executing code through subprocesses adds complexity and widens the attack surface for command-line manipulation if environment variables or paths were ever compromised.
  • [EXTERNAL_DOWNLOADS]: The skill automatically downloads protein structures from the Protein Data Bank (PDB) based on user-provided IDs or search terms. While downloading from PDB is a standard operation for this use case, the skill processes these external files through multiple complex pipelines (extraction, generation, docking), which could be susceptible to malformed file attacks if the underlying bioinformatics libraries have vulnerabilities.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 25, 2026, 06:02 AM