rdkit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The scripts rely on rdkit, a well-known and trusted scientific library. The installation instructions provided in error messages point to standard, reputable sources like conda-forge.
- DATA_EXFILTRATION (SAFE): There are no network calls or attempts to access sensitive system files. All file operations are restricted to paths explicitly provided via command-line arguments.
- COMMAND_EXECUTION (SAFE): The scripts do not use os.system, subprocess, or any other methods to execute external shell commands.
- PROMPT_INJECTION (SAFE): No malicious instructions or bypass attempts were found in the scripts or documentation.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes external chemical data files (SDF, SMILES). While these are ingestion points for external data, the scripts handle them through structured scientific parsers. Evidence: 1. Ingestion points: process_file in molecular_properties.py and load_molecules in similarity_search.py. 2. Boundary markers: Absent. 3. Capability inventory: Computational analysis, file read/write to local paths. 4. Sanitization: RDKit's internal parsers validate chemical structure formats.
Audit Metadata