asset-harvester
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches source code from NVIDIA's official GitHub repository and model checkpoints from the 'nvidia/asset-harvester' Hugging Face repository. It also installs dependencies from the official PyTorch registry and the nerfstudio-project on GitHub.
- [COMMAND_EXECUTION]: Uses Python's subprocess module in 'scripts/validate_setup.py' to verify system prerequisites such as NVIDIA drivers, GCC versions, and Conda availability. These checks are local and do not involve network execution.
- [CREDENTIALS_UNSAFE]: Includes explicit guidance for handling Hugging Face authentication tokens (HF_TOKEN) securely. It provides code samples to verify token existence without leaking the secret to terminal logs or environment history.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data including autonomous vehicle sensor logs (NCore V4) and user-supplied images.
  - Ingestion points: 'image_root' (images/masks) and 'component_store' (NCore V4 clip manifests).
  - Boundary markers: Relies on structured data formats (JSON, Zarr) for parsing logs.
  - Capability inventory: Includes subprocess calls for inference and environment validation in 'scripts/validate_setup.py' and 'run.sh'.
  - Sanitization: Employs standard machine learning libraries (PyTorch, safetensors) for data ingestion, which inherently limits direct prompt injection risks compared to free-text processing.