urdf2mjcf
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill relies on the 'urdf2mjcf' tool and package from the 'kscalelabs' GitHub repository, which is not a whitelisted trusted source, requiring manual audit of the external dependency.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted URDF (XML) and mesh files. 1. Ingestion points: 'urdf_path' parameter in Python and CLI file arguments. 2. Boundary markers: None identified. 3. Capability inventory: The skill reads external files and writes output MJCF files via the external 'urdf2mjcf' library. 4. Sanitization: No sanitization or validation of the input robot description files is demonstrated in the examples.
- [COMMAND_EXECUTION] (LOW): The skill documentation includes examples of running shell commands for file transformation.
Audit Metadata