roadrunner-import-scene
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and associated metadata do not contain any malicious patterns. The MATLAB code templates provided follow standard practices for the Automated Driving Toolbox and RoadRunner API.
- [DATA_EXPOSURE]: The skill accesses local file paths such as
C:/Program Files/and the user's home directory (USERPROFILE) to locate RoadRunner installations and projects. These operations are essential for the skill's stated purpose and do not involve exfiltration to external domains. - [COMMAND_EXECUTION]: The skill uses the
evaluate_matlab_codeandrun_matlab_filetools to execute MATLAB commands. This is the intended execution model for the toolkit and is used here to call official MathWorks toolbox functions likeroadrunner.connectandimportScene. - [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface where it processes external map files (.rrhd, .xodr). However, these files are handled by the RoadRunner application binary, and the agent does not ingest the data content into its own reasoning context. The skill also enforces 'Enforcement Gates' (validation checks) before processing files, which serves as a security best practice.
Audit Metadata