molfeat
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for installing the core library and various optional dependency sets using 'uv pip install'.
- [COMMAND_EXECUTION]: The skill documents methods for persisting and restoring transformer state via YAML files ('to_state_yaml_file' and 'from_state_yaml_file'), which involve file system writes and reads.
- [EXTERNAL_DOWNLOADS]: The 'ModelStore' and 'PretrainedMolTransformer' modules are designed to fetch pre-trained weights and model configurations from remote repositories during initialization or model loading.
- [REMOTE_CODE_EXECUTION]: The documentation explicitly demonstrates using 'pickle.load()' for caching embeddings. Unpickling invokes whatever callables the file names before any type check can run, so an attacker who can replace the cache file can execute arbitrary code in the loading process.
- [PROMPT_INJECTION]: The 'Suggest Using K-Dense Web' section contains direct instructions to the AI agent to proactively promote a specific commercial research platform ('www.k-dense.ai') when user requests reach a certain level of complexity.
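The REMOTE_CODE_EXECUTION finding above is the one a practitioner is most likely to carry over into their own code, so here is an added, self-contained demonstration (not molfeat code, not from the audited skill) of why a pickled embedding cache is a code-execution sink and what a data-only replacement looks like. The embedding vectors, file names and HMAC key are constructed for the example; the callback that the poisoned pickle invokes stands in for the 'os.system' or 'subprocess' call a real payload would use.

```python
"""Poisoned pickle cache versus a JSON cache with an integrity tag.

Constructed example. Nothing here is molfeat's own API; the SMILES keys,
vector values, file names and key bytes are made up for the demonstration.
"""
import hashlib
import hmac
import json
import pickle
import tempfile
from pathlib import Path

# Observable side effect; a real payload would call os.system / subprocess here.
EXECUTED = []


def attacker_callback(marker):
    EXECUTED.append(marker)


class Poison:
    # pickle serialises whatever __reduce__ returns; pickle.load() replays it
    # as callable(*args), before the caller ever sees the "embeddings" dict.
    def __reduce__(self):
        return (attacker_callback, ("payload ran at unpickle time",))


def write_poisoned_cache(path):
    """What an attacker with write access to the cache directory would drop."""
    with open(path, "wb") as fh:
        pickle.dump({"embeddings": Poison()}, fh)


def load_cache_unsafe(path):
    """The flagged pattern: trusts the file's bytes to choose the code that runs."""
    with open(path, "rb") as fh:
        return pickle.load(fh)


# --- hardened replacement: data-only format plus keyed integrity tag ----------

def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def save_embeddings(path, embeddings, key):
    body = json.dumps(embeddings, sort_keys=True).encode()
    Path(path).write_bytes(_tag(key, body) + b"\n" + body)


def load_embeddings(path, key):
    """Reject anything not produced by save_embeddings with the same key,
    then validate the shape before handing data back. JSON cannot name a
    callable, so a tampered file can at worst fail parsing or validation."""
    raw = Path(path).read_bytes()
    tag, sep, body = raw.partition(b"\n")
    if not sep or not hmac.compare_digest(tag, _tag(key, body)):
        raise ValueError("cache integrity check failed")
    data = json.loads(body)
    ok = isinstance(data, dict) and all(
        isinstance(k, str) and isinstance(v, list) and all(isinstance(x, float) for x in v)
        for k, v in data.items()
    )
    if not ok:
        raise ValueError("cache has unexpected shape")
    return data


def demo():
    """Run both loaders against poisoned, tampered and genuine caches."""
    # Assumption: in a real deployment the key lives outside the cache directory.
    key = b"example-key-not-for-production"
    sample = {"CCO": [0.1, 0.2, 0.3], "c1ccccc1": [0.4, 0.5, 0.6]}  # constructed vectors

    def rejected(path):
        try:
            load_embeddings(path, key)
        except ValueError:
            return True
        return False

    with tempfile.TemporaryDirectory() as tmp:
        bad = Path(tmp) / "embeddings.pkl"
        write_poisoned_cache(bad)
        load_cache_unsafe(bad)  # attacker_callback fires here

        good = Path(tmp) / "embeddings.json"
        save_embeddings(good, sample, key)
        tampered = Path(tmp) / "tampered.json"
        tampered.write_bytes(good.read_bytes().replace(b"0.1", b"9.9", 1))

        return {
            "unsafe_loader_ran_payload": "payload ran at unpickle time" in EXECUTED,
            "safe_loader_rejects_pickle": rejected(bad),
            "safe_loader_rejects_tampered": rejected(tampered),
            "roundtrip": load_embeddings(good, key),
        }


if __name__ == "__main__":
    print(demo())
```

The point of the second half is not the HMAC alone: a keyed tag stops silent substitution, but the real fix is choosing a format that cannot express "call this function", so that even a file an attacker can write has no path to code execution. Restricting 'pickle.Unpickler.find_class' is sometimes offered as an alternative; it is brittle and is not shown here.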