roadrunner-import-scene

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill instructions and associated metadata do not contain any malicious patterns. The MATLAB code templates provided follow standard practices for the Automated Driving Toolbox and RoadRunner API.
  • [DATA_EXPOSURE]: The skill accesses local file paths such as C:/Program Files/ and the user's home directory (USERPROFILE) to locate RoadRunner installations and projects. These operations are essential for the skill's stated purpose and do not involve exfiltration to external domains.
  • [COMMAND_EXECUTION]: The skill uses the evaluate_matlab_code and run_matlab_file tools to execute MATLAB commands. This is the intended execution model for the toolkit and is used here to call official MathWorks toolbox functions like roadrunner.connect and importScene.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface where it processes external map files (.rrhd, .xodr). However, these files are handled by the RoadRunner application binary, and the agent does not ingest the data content into its own reasoning context. The skill also enforces 'Enforcement Gates' (validation checks) before processing files, which serves as a security best practice.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 09:26 AM
Security Audit — agent-trust-hub — roadrunner-import-scene