ros-bridge
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE] (SAFE): The automated scan alert for a malicious URL is a false positive.
  - Evidence: The scanner flagged `data.ranges.fi`. Review of `SKILL.md` and `src/robot-agent.ts` shows the code `data.ranges.filter(r => r > 0)`. The string `ranges.fi` was incorrectly parsed as a URL when it is actually an array property access followed by a standard JavaScript array method.
- [Indirect Prompt Injection] (LOW): The skill ingests external data from robot sensors which could theoretically be manipulated by an environment-based attacker.
  - Ingestion points: LIDAR data in `src/ros-tools.ts` (`readLidar`) and computer vision detections in `src/tools/vision.ts` (`getDetectionResults`).
  - Boundary markers: Absent; however, data is returned to the agent in structured JSON format.
  - Capability inventory: Physical movement control (`move_forward`, `turn`) and hardware interaction.
  - Sanitization: All tool inputs that affect robot hardware are strictly validated using Zod schemas (e.g., speed limits, duration limits), which mitigates the risk of an agent being coerced into dangerous physical actions via injection.
- [Command Execution] (LOW): The skill sends control strings to a robot hardware endpoint.
  - Evidence: `src/tools/vision.ts` uses `fetch` to POST command objects to the robot's local server. These commands are mapped from validated enums and numbers, preventing arbitrary command injection into the robot's firmware.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata