urdf (skills/earthtojake/urdf-skill/urdf)

Verdict: Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: scripts/gen_urdf/cli.py uses importlib to load and execute code from an arbitrary Python file: it calls module_spec.loader.exec_module(module) on the target file and then invokes its gen_urdf() function. exec_module() runs every module-level statement in that file, not only the gen_urdf() definition, so whoever controls the file controls what runs in the agent's environment.
  • [COMMAND_EXECUTION]: The skill provides a command-line interface (scripts/gen_urdf) that the agent is instructed to run. The command reads and writes the filesystem and executes Python logic whose behaviour is determined by the content of external files.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection (Category 8): an attacker who can influence the content of a Python or URDF file the agent processes can obtain unauthorized code execution. The XML parsing in scripts/urdf_source.py uses xml.etree.ElementTree without hardening. Note that ElementTree does not expand external entities (it raises ParseError when one is referenced), so classic XXE file disclosure does not apply; it does expand internal entities, which leaves it open to entity-expansion denial of service (billion laughs, quadratic blowup) on older Expat versions.
  • Ingestion points: scripts/gen_urdf/cli.py (Python files) and scripts/urdf_source.py (URDF files).
  • Boundary markers: None; untrusted file content is not separated from instructions.
  • Capability inventory: arbitrary Python execution (via importlib) and filesystem write operations.
  • Sanitization: basic path and suffix checks only; the content of the files the skill executes or parses is not validated.
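As an added illustration of the two ingestion points above (not code from the urdf skill or from Gen Agent Trust Hub), the following Python shows the importlib loading pattern the audit flags beside a static gate placed in front of it, and a plain ElementTree parse beside a wrapper that rejects any DTD before the parser sees it. The function names, the allow-list rule, the hypothetical root directory and the sample files and URDF documents are assumptions made for this example; only the exec_module() call and the ElementTree usage correspond to what the audit describes.

```python
# Added example (not part of the urdf skill): the two ingestion points the
# audit names, each in the flagged form and with a guard in front of it.
# Function names, the allow-list rule and all sample inputs are assumptions.
import ast
import importlib.util
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


# ---- Ingestion point 1: a user-supplied Python file loaded with importlib ----

def load_gen_urdf_unsafe(path: str):
    """The pattern the audit flags. exec_module() runs every module-level
    statement in the file, not just the gen_urdf() definition."""
    spec = importlib.util.spec_from_file_location("gen_urdf_target", path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)  # arbitrary code in the file runs here
    return module.gen_urdf


def check_gen_urdf_source(path: str, root: Path) -> str:
    """Static gate applied before anything executes: the file must resolve
    under an allow-listed root (defeats ../ and symlink escapes), carry a .py
    suffix, define gen_urdf(), and contain nothing at module scope except
    imports and undecorated def/class statements. This removes only the
    run-on-load surface; calling gen_urdf() afterwards still executes user
    code and needs a subprocess or sandbox when the file is untrusted."""
    real, root = Path(path).resolve(), root.resolve()
    if root not in real.parents:
        raise ValueError(f"{path!r} resolves outside {root}")
    if real.suffix != ".py":
        raise ValueError("expected a .py file")
    tree = ast.parse(real.read_text(encoding="utf-8"), filename=str(real))
    found = False
    for node in tree.body:
        if isinstance(node, (ast.FunctionDef, ast.ClassDef)):
            if node.decorator_list:  # decorators run at definition time
                raise ValueError(f"decorated {node.name} at line {node.lineno}")
            found = found or (isinstance(node, ast.FunctionDef) and node.name == "gen_urdf")
        elif not isinstance(node, (ast.Import, ast.ImportFrom)):
            raise ValueError(f"module-level {type(node).__name__} at line {node.lineno}")
    if not found:
        raise ValueError("gen_urdf() is not defined")
    return str(real)


# ---- Ingestion point 2: URDF XML parsed with xml.etree.ElementTree ----

_DTD = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)


def parse_urdf(data: bytes) -> ET.Element:
    """ElementTree does not expand external entities (it raises ParseError),
    so XXE file disclosure is not the issue; internal entity expansion is,
    because it enables billion-laughs style resource exhaustion on older
    Expat builds. URDF has no legitimate use for a DTD, so reject one outright."""
    if _DTD.search(data):
        raise ValueError("DTD or ENTITY declarations are not allowed in URDF input")
    return ET.fromstring(data)


# Constructed sample documents (not real URDF files from the skill).
BENIGN_URDF = b'<robot name="demo"><link name="base"/></robot>'
BOMB_URDF = (b'<!DOCTYPE r [<!ENTITY a "aaaaaaaaaa">'
             b'<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]>'
             b'<robot name="&b;"><link name="base"/></robot>')
XXE_URDF = (b'<!DOCTYPE r [<!ENTITY ext SYSTEM "file:///etc/hostname">]>'
            b'<robot name="demo">&ext;</robot>')


def _raises(exc, fn, *args) -> bool:
    try:
        fn(*args)
    except exc:
        return True
    return False


def demo() -> dict:
    """Runs both guards against constructed inputs and reports what happened."""
    r = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sentinel = root / "pwned.txt"
        benign = root / "benign_robot.py"
        benign.write_text("def gen_urdf():\n    return '<robot name=\"ok\"/>'\n")
        hostile = root / "hostile_robot.py"  # side effect at import time
        hostile.write_text("import pathlib\n"
                           f"pathlib.Path({str(sentinel)!r}).write_text('pwned')\n"
                           "def gen_urdf():\n    return '<robot/>'\n")
        load_gen_urdf_unsafe(str(hostile))
        r["unsafe_loader_ran_module_code"] = sentinel.exists()
        sentinel.unlink(missing_ok=True)
        r["gate_rejected_hostile"] = _raises(ValueError, check_gen_urdf_source, str(hostile), root)
        r["gate_had_side_effect"] = sentinel.exists()
        r["gate_accepted_benign"] = check_gen_urdf_source(str(benign), root) == str(benign.resolve())
        r["gate_rejected_escape"] = _raises(ValueError, check_gen_urdf_source, str(root / ".." / "x.py"), root)
    r["benign_urdf_parsed"] = parse_urdf(BENIGN_URDF).tag == "robot"
    r["bomb_rejected"] = _raises(ValueError, parse_urdf, BOMB_URDF)
    r["xxe_rejected"] = _raises(ValueError, parse_urdf, XXE_URDF)
    r["et_expands_internal_entities"] = len(ET.fromstring(BOMB_URDF).get("name")) == 100
    r["et_refuses_external_entity"] = _raises(ET.ParseError, ET.fromstring, XXE_URDF)
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the file prints each observation. The gate only strips what would run at import time; because the skill's whole purpose is to call gen_urdf() from the loaded file, an untrusted file still has to be executed in a subprocess or sandbox rather than in the agent's own interpreter. Rejecting any DOCTYPE before ElementTree sees the input is a standard-library-only alternative to switching the parser to defusedxml, which the example deliberately does not import.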
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 22, 2026, 10:58 PM