skills/earthtojake/text-to-cad/dxf/Gen Agent Trust Hub

dxf

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill dynamically loads and executes Python modules from local file paths provided as arguments or generated at runtime. \n
  • scripts/packages/cadpy/src/cadpy/generation.py: The _load_generator_module function uses importlib.util.spec_from_file_location and module_spec.loader.exec_module(module) to run functions such as gen_dxf or gen_step. \n
  • scripts/packages/cadpy/src/cadpy/assembly_spec.py: The _run_assembly_generator function employs a similar importlib pattern to execute code from a specified path. \n
  • Ingestion points: Agent-generated Python generator scripts loaded via target arguments in scripts/packages/cadpy/src/cadpy/generation.py. \n
  • Boundary markers: None present in the execution flow to distinguish or restrict generated code. \n
  • Capability inventory: Arbitrary Python code execution through importlib and file system manipulation via shutil.rmtree. \n
  • Sanitization: None detected; scripts are executed directly as Python modules. \n- [COMMAND_EXECUTION]: The skill uses a launcher script to manage generation workflows and performs file system operations. \n
  • scripts/dxf/cli.py: Orchestrates the execution of CAD generation commands. \n
  • scripts/packages/cadpy/src/cadpy/generation.py: Executes recursive directory deletion using shutil.rmtree on paths derived from target arguments, which could be misused if input paths are manipulated.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 07:02 PM
Security Audit — agent-trust-hub — dxf