matchms

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation explicitly supports the 'Pickle' serialization format for data ingestion.
      • Evidence: SKILL.md lists 'Pickle (Python serialization)' under supported formats for the 'Core Capabilities' of importing/exporting data.
      • Risk: Deserializing data with the Python 'pickle' module is unsafe and can result in arbitrary code execution on the host machine if the input file is maliciously crafted.
  • [PROMPT_INJECTION]: The skill processes untrusted external data files, which presents a surface for indirect prompt injection.
      • Ingestion points: Data is loaded from external MGF, mzML, MSP, and JSON files.
      • Boundary markers: No instructions or delimiters are provided to prevent the agent from following instructions that may be embedded within these data files.
      • Capability inventory: The skill can read from and write to the local file system and perform complex data transformations.
      • Sanitization: No sanitization or validation mechanisms are mentioned that would filter malicious content out of the processed spectra files.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 15, 2026, 04:32 AM