dragonruby-3d

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses GTK.start_server! port: 9001, enable_in_prod: true to launch an unauthenticated network service on the host machine, which creates an external attack surface.
  • [DATA_EXFILTRATION]: The code implements a network responder in the tick method that serves internal data (scene_json) via req.respond to any requester connecting to the local server.
  • [DATA_EXFILTRATION]: The load_off function utilizes GTK.read_file(path) to access the local filesystem. This capability can be used to read arbitrary files if the input path is controlled by an untrusted source.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 29, 2026, 05:20 PM