dxf
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill dynamically loads and executes Python modules from local file paths provided as arguments or generated at runtime. \n
scripts/packages/cadpy/src/cadpy/generation.py: The_load_generator_modulefunction usesimportlib.util.spec_from_file_locationandmodule_spec.loader.exec_module(module)to run functions such asgen_dxforgen_step. \nscripts/packages/cadpy/src/cadpy/assembly_spec.py: The_run_assembly_generatorfunction employs a similarimportlibpattern to execute code from a specified path. \n- Ingestion points: Agent-generated Python generator scripts loaded via target arguments in
scripts/packages/cadpy/src/cadpy/generation.py. \n - Boundary markers: None present in the execution flow to distinguish or restrict generated code. \n
- Capability inventory: Arbitrary Python code execution through
importliband file system manipulation viashutil.rmtree. \n - Sanitization: None detected; scripts are executed directly as Python modules. \n- [COMMAND_EXECUTION]: The skill uses a launcher script to manage generation workflows and performs file system operations. \n
scripts/dxf/cli.py: Orchestrates the execution of CAD generation commands. \nscripts/packages/cadpy/src/cadpy/generation.py: Executes recursive directory deletion usingshutil.rmtreeon paths derived from target arguments, which could be misused if input paths are manipulated.
Audit Metadata