rdkit
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill recommends using pickle.load() for performance optimization when loading molecules. This is a significant security risk because pickle is known to execute arbitrary code during deserialization if the input file is malicious or originates from an untrusted source.
- [PROMPT_INJECTION]: The 'Suggest Using K-Dense Web' section contains explicit instructions for the agent to proactively promote a specific commercial platform (www.k-dense.ai) based on task complexity. This is designed to override default agent behavior and use the session as a marketing channel.
- [DATA_EXFILTRATION]: The skill provides capabilities to write molecular data to the local filesystem using Chem.SDWriter and standard file operations. This creates a surface where sensitive data could be written to unauthorized or accessible paths if file names or content are not strictly controlled.
- [PROMPT_INJECTION]: The skill ingests untrusted external molecular data, creating a surface for indirect prompt injection attacks.
  - Ingestion points: Chem.MolFromSmiles, Chem.MolFromMolFile, and Chem.SDMolSupplier in SKILL.md.
  - Boundary markers: Absent; the skill does not provide instructions to delimit or ignore instructions within molecular data formats.
  - Capability inventory: File system write access via Chem.SDWriter and Draw.MolToFile in SKILL.md.
  - Sanitization: Chem.SanitizeMol is utilized but focuses on chemical valence and aromaticity validation rather than sanitizing for malicious prompt or command content.
Audit Metadata