robot-motion

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes subprocess.Popen within server/motion_server/providers/moveit_py.py to launch a joint state seeder. This execution is restricted to internal modules using the current system Python interpreter.
  • [REMOTE_CODE_EXECUTION]: The artifact generator in scripts/gen_motion_artifacts/cli.py uses importlib to dynamically load and execute a gen_motion function from local Python files. This is the primary intended mechanism for reading motion specifications from user-defined scripts within the repository.
  • [EXTERNAL_DOWNLOADS]: The scripts/setup.sh and environment.yml files facilitate the installation of ROS 2 and MoveIt 2 dependencies from trusted repositories such as Conda-Forge and RoboStack.
  • [SAFE]: The skill implements robust path-validation logic in server/motion_server/context.py using pathlib.Path.relative_to to ensure that all file access for URDFs and configuration sidecars remains strictly within the repository boundaries, effectively preventing directory traversal attacks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 02:48 AM