omniverse-cad-to-simready

Fail

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes numerous external tools and manages Docker infrastructure.
  • It includes functionality in references/content-agents/scripts/content_agent_client.py to execute docker exec --user root commands. These commands are used to perform chmod -R a+rX operations on internal container paths to resolve permission issues with the Scene Optimizer.
  • It utilizes subprocess.run to manage git operations, uv environment synchronization, and various CAD converter CLIs.
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic code execution and automated software installation.
  • references/preflight/scripts/preflight.py provides an installation command curl -LsSf https://astral.sh/uv/install.sh | sh as an instruction hint for the uv package manager.
  • Several components, such as references/simready-validate/scripts/run.py, automatically create Python virtual environments and install dependencies using pip install from requirement files found in upstream checkouts.
  • references/content-agents/scripts/content_agent_client.py executes dynamically constructed Python code blocks (MDL_UPLOAD_PREP_SNIPPET and USD_TOPOLOGY_INSPECTION_SNIPPET) via python -c inside a subprocess.
  • [DATA_EXFILTRATION]: The skill transmits asset data to remote services.
  • It converts local CAD and USD assets into data URIs or USDZ packages and uploads them to external NVIDIA service endpoints (Material, Physics, and Texture agents) for processing via multipart HTTP POST requests.
  • It manages sensitive API keys (e.g., NVIDIA_API_KEY, NGC_API_KEY) via environment variables, although it implements redaction mechanisms to prevent these keys from appearing in its generated JSON and Markdown reports.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through data ingestion.
  • references/identify-asset-context/scripts/run.py extracts identifiers and metadata from user-supplied CAD files. This potentially adversarial data is interpolated directly into prompts sent to downstream AI services and web search queries without exhaustive sanitization or strict boundary delimiters.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 18, 2026, 04:36 PM
Security Audit — agent-trust-hub — omniverse-cad-to-simready