Skills
skills/wu-yc/labclaw/datamol/Gen Agent Trust Hub

datamol

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from formats such as SDF, CSV, and Excel, as well as from remote URLs (S3, GCS, HTTP). This creates a vulnerability to indirect prompt injection where malicious text could be hidden in molecular data or metadata fields.
  • Ingestion points: Data loading functions including dm.read_sdf, dm.read_csv, and dm.open_df in SKILL.md.
  • Boundary markers: No specific delimiters or instructions to disregard embedded text are included in the documentation.
  • Capability inventory: The skill includes functions for file writing (dm.to_sdf) and remote data access via fsspec.
  • Sanitization: Molecular sanitization is mentioned for chemical validity, but no sanitization for natural language instructions is present.
  • [EXTERNAL_DOWNLOADS]: Fetches the datamol package from the standard Python Package Index.
  • [COMMAND_EXECUTION]: Installs the required library via the shell and uses parallel processing features that utilize subprocesses.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 03:47 AM