openscad-cutlist-woodworkers

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/extract_cutlist.py invokes the openscad binary using subprocess.run. This is an intended function of the skill used to render 3D models and capture dimensions from the application's output. The implementation uses a list of arguments and a timeout to ensure secure execution.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation directs users to install an external library from a public repository on GitHub. This reference to a well-known service is documented neutrally as an expected dependency.
  • [SAFE]: Analysis of data processing workflows regarding potential indirect prompt injection surfaces:
      • Ingestion points: The scripts/extract_cutlist.py script reads user-provided .scad files.
      • Boundary markers: Absent; the script parses all ECHO output matching specific patterns.
      • Capability inventory: The skill can execute the openscad utility and write files to the local disk.
      • Sanitization: The script uses specific regular expressions to parse expected data formats, which limits the impact of unexpected or malformed input.
  • [SAFE]: Detailed analysis of the scripts and documentation found no evidence of malicious intent, obfuscation, or unauthorized data access. The skill adheres to its stated purpose of assisting with woodworking design workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 05:24 PM