omniverse-usd-performance-tuning

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing Omniverse Kit and Scene Optimizer components. These involve fetching packages from pypi.nvidia.com and a Cloudfront CDN distribution associated with the product. These sources are recognized as well-known or vendor-managed.
  • [COMMAND_EXECUTION]: The usd_validation_executor.py script uses subprocess.run to orchestrate validation tasks in isolated child processes. This architecture is used to implement timeouts and prevent process hangs during resource-intensive C++ validation rules. The execution logic is strictly controlled via a JSON-based worker protocol.
  • [PROMPT_INJECTION]: As the skill ingests and analyzes complex user-provided USD (Universal Scene Description) files, it possesses a surface for indirect prompt injection through malicious metadata or custom attributes. This risk is inherent to tools processing external assets and is mitigated by the workflow's reliance on structured JSON summaries and mandatory user approval for any destructive stage modifications.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:35 PM
Security Audit — agent-trust-hub — omniverse-usd-performance-tuning