gsplat-optimizer
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to clone and execute code from a third-party GitHub repository (
https://github.com/scier/MetalSplatter.git) and install thesogsPython package. Since these sources are not within the defined 'Trusted External Sources' list, they pose a medium risk of supply chain or untrusted code execution. - [COMMAND_EXECUTION] (LOW): The skill documentation includes instructions to run a local script (
analyze_splat.py). While the script content is not provided in the input, the capability to execute local Python scripts is inherent to the skill's optimization purpose. - [PROMPT_INJECTION] (SAFE): No patterns of prompt injection, role-play bypass, or instruction overrides were detected in the markdown or metadata.
- [DATA_EXFILTRATION] (SAFE): No evidence of hardcoded credentials or commands accessing sensitive directories (~/.ssh, ~/.aws) was found. Network operations are limited to standard package management and cloning.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external 3D data files (.ply, .splat). While this represents an attack surface (Category 8), the capabilities listed (math-heavy optimization and rendering advice) are low-privilege with minimal downstream impact on agent reasoning.
Audit Metadata