cli-anything-freecad
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions involve executing a local installation command
pip install -e freecad/agent-harnessto set up thecli-anything-freecadtool. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external CAD models and spreadsheets which can then be processed by the agent. * Ingestion points: File import commands for various formats including STEP, IGES, and STL, as well as spreadsheet data entry (SKILL.md). * Boundary markers: Absent. There are no delimiters or instructions provided to separate data from commands. * Capability inventory: The skill has the ability to write to the filesystem via export and save commands (SKILL.md) and execute FreeCAD commands. * Sanitization: Absent. The skill does not describe any validation or sanitization of content from imported files.
Audit Metadata