bambu-slicer
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Comprehensive analysis of the skill's code and instructions reveals no malicious patterns. The skill follows security best practices for secret management and input validation.- [COMMAND_EXECUTION]: The bundled slicing CLI executes OrcaSlicer via Bun.spawn, which avoids shell expansion risks. It specifically implements absolute path resolution for all input files to prevent filenames starting with dashes from being misinterpreted as command-line flags.- [CREDENTIALS_UNSAFE]: The skill includes dedicated sections in README.md and SKILL.md regarding 'Public-sharing safety,' instructing users to keep printer serials, access codes, and LAN IPs out of the repository. No hardcoded credentials or sensitive local paths were detected in the scripts.- [PROMPT_INJECTION]: The skill identifies the potential risk of processing untrusted data from MakerWorld and provides the agent with specific inspection workflows (e.g., using unzip and checksums) to verify model integrity before slicing.
- [SAFE]: The slicer profile patcher in slicer.ts implements a blacklist for prototype-polluting keys like proto and constructor when merging JSON configuration objects, preventing potential dynamic execution vulnerabilities.
Audit Metadata