The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/gcode_tool.py script executes external slicer binaries to process 3D models and generate G-code.
Evidence: Use of subprocess.run(plan["command"], ...) in scripts/gcode_tool.py.
Analysis: Commands are executed using argument lists rather than shell strings, which is the recommended practice for preventing shell injection vulnerabilities. The script also validates that mesh inputs match supported extensions and requires absolute paths for configuration profiles.
[EXTERNAL_DOWNLOADS]: The documentation provides instructions for installing well-known slicer software if it is not already installed on the system.
Evidence: SKILL.md and references/slicer-backends.md suggest using brew install --cask orcaslicer on macOS.
Analysis: These are standard setup instructions for well-known industry tools. The skill itself does not perform any automated network requests or downloads.
[INDIRECT_PROMPT_INJECTION]: The skill reads and processes external data from mesh files and generated G-code files during the validation phase.
Ingestion points: scripts/gcode_tool.py reads content from user-supplied mesh files and G-code output files.
Boundary markers: Not explicitly used, as the files are treated as raw data for parsing.
Capability inventory: The script can read files and execute local slicer binaries.
Sanitization: The G-code validator extracts only the command mnemonics (e.g., G0, M104) and numeric parameters for its analysis. This constrained parsing prevents the agent from misinterpreting arbitrary text inside G-code comments as instructions.

gcode