sendcutsend
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches official manufacturing specifications and design guides from
https://cdn.sendcutsend.com. These are legitimate data sources required for the skill's DFM (Design for Manufacturing) functionality. - [COMMAND_EXECUTION]: The skill uses a bundled Python script (
scripts/download_sources.py) to manage the downloading and caching of these external reference files. This is a standard automation pattern for AI agent skills. - [INDIRECT_PROMPT_INJECTION]: The skill processes external Markdown and JSON data which introduces a minor attack surface. Ingestion points:
references/generated/sendcutsend-ordering-guide.md,sendcutsend-catalog.json, andsendcutsend-specs.json. Boundary markers: Explicit instructions are provided to treat the data as evidence feeds rather than instructions, though technical delimiters are not used. Capability inventory: Usesscripts/download_sources.py(shell execution) and$cadtools. Sanitization: No specific sanitization or filtering of the external content is performed.
Audit Metadata