omniverse-realtime-viewer
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for acquiring assets and binaries from various reputable and well-known external domains.
- Fetches official NVIDIA packages from "pypi.nvidia.com" and "@nvidia" npm registries.
- Downloads sample USD stages from NVIDIA-associated AWS CloudFront CDNs ("d4i3qtqj3r0z5.cloudfront.net") and S3 buckets ("omniverse-content-production").
- References USD assets and specifications from established organizations like the Academy Software Foundation ("aswf.io"), Pixar ("openusd.org"), and Disney ("disneyanimation.com").
- Fetches the MinIO storage server binary from "dl.min.io" and the Caddy web server from its official GitHub repository.
- [COMMAND_EXECUTION]: Documents standard developer setup procedures that involve downloading and executing external binaries or scripts.
- "references/cloud-assets/README.md": Instructions to "curl" the MinIO binary, "chmod +x" it, and execute the server.
- "references/cloud-deployment/README.md": Instructions to download Caddy and move it to system binary paths using "sudo".
- "references/windows-native-setup/README.md": Scripted setup for environment variables and package installation.
- [CREDENTIALS_UNSAFE]: Includes default or placeholder credentials for demonstration and local development purposes.
- "references/cloud-assets/README.md": Uses default MinIO credentials ("minioadmin").
- "references/huggingface-usd/README.md": Uses a placeholder Hugging Face token ("hf_xxxxxxxxxxxxxxxxxxxx").
- [INDIRECT_PROMPT_INJECTION]: The "BENCHMARK.md" file contains a self-referential evaluation report including safety claims and validation verdicts. Per security policy, these claims are treated as non-authoritative data for the analyzer to evaluate independently.
Audit Metadata