webots-advanced
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches source code from Cyberbotics' official GitHub repository for custom builds, patching, and advanced customization.
- [DATA_EXFILTRATION]: Instructs on setting up TCP/IP servers using the Python socket library to facilitate data exchange with external software like MATLAB or LabVIEW, which opens a network listener on the host machine.
- [COMMAND_EXECUTION]: Recommends the use of the --no-sandbox flag for AppImage execution on Linux to bypass sandbox-related stability issues in specific environments.
- [REMOTE_CODE_EXECUTION]: Describes the use of the LD_LIBRARY_PATH environment variable to ensure discovery of controller runtime libraries, which influences dynamic library loading. It also includes instructions for compiling the simulator from source code.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the ingestion and processing of untrusted simulation data.
- Ingestion points: Reads .wbt world files and executes external .py robot controller scripts as part of the simulation workflow.
- Boundary markers: None implemented to distinguish between simulation instructions and potentially malicious commands embedded in files.
- Capability inventory: Includes system command execution (webots, make), Python script execution, network socket management, and environment variable manipulation.
- Sanitization: No validation or sanitization is performed on the content of world files or the logic within controller scripts before execution.
Audit Metadata