openscad
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script `tools/render-with-params.sh` performs unsafe string interpolation when calling Python. The shell variable `$PARAMS_FILE` is embedded directly into the Python script string executed by `python3 -c`. A malicious filename containing single quotes and Python commands can trigger arbitrary code execution.
  - Evidence: `tools/render-with-params.sh` lines 50-63. Unlike other scripts in the skill (e.g., `tools/extract-params.sh`) that use `sys.argv` for safe argument passing, this script concatenates the variable into the command string.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the parsing of OpenSCAD files. Comments within `.scad` files are extracted and presented as parameter descriptions without sanitization or boundary markers.
  - Ingestion points: `tools/extract-params.sh` (lines 38-81) parses user-provided `.scad` files.
  - Boundary markers: Absent; parameter descriptions are extracted and printed directly to the console or included in JSON output.
  - Capability inventory: The skill can execute `openscad` for rendering and STL export, and run Python-based parsing logic via `tools/render-with-params.sh` and `tools/extract-params.sh`.
  - Sanitization: No escaping or validation is performed on the extracted comment strings before they are output.
Audit Metadata