omniverse-cad-to-simready
Fail
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes numerous external tools and manages Docker infrastructure.
- It includes functionality in
references/content-agents/scripts/content_agent_client.pyto executedocker exec --user rootcommands. These commands are used to performchmod -R a+rXoperations on internal container paths to resolve permission issues with the Scene Optimizer. - It utilizes
subprocess.runto managegitoperations,uvenvironment synchronization, and various CAD converter CLIs. - [REMOTE_CODE_EXECUTION]: The skill performs dynamic code execution and automated software installation.
references/preflight/scripts/preflight.pyprovides an installation commandcurl -LsSf https://astral.sh/uv/install.sh | shas an instruction hint for theuvpackage manager.- Several components, such as
references/simready-validate/scripts/run.py, automatically create Python virtual environments and install dependencies usingpip installfrom requirement files found in upstream checkouts. references/content-agents/scripts/content_agent_client.pyexecutes dynamically constructed Python code blocks (MDL_UPLOAD_PREP_SNIPPETandUSD_TOPOLOGY_INSPECTION_SNIPPET) viapython -cinside a subprocess.- [DATA_EXFILTRATION]: The skill transmits asset data to remote services.
- It converts local CAD and USD assets into data URIs or USDZ packages and uploads them to external NVIDIA service endpoints (Material, Physics, and Texture agents) for processing via multipart HTTP POST requests.
- It manages sensitive API keys (e.g.,
NVIDIA_API_KEY,NGC_API_KEY) via environment variables, although it implements redaction mechanisms to prevent these keys from appearing in its generated JSON and Markdown reports. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through data ingestion.
references/identify-asset-context/scripts/run.pyextracts identifiers and metadata from user-supplied CAD files. This potentially adversarial data is interpolated directly into prompts sent to downstream AI services and web search queries without exhaustive sanitization or strict boundary delimiters.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata