simmer-generator
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a VALIDATION_COMMAND provided in a setup brief to verify workspace changes.
- Evidence: Found in Workspace Mode step 7: "If a VALIDATION_COMMAND is in the setup brief, run it."
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data as its primary function, including the "Current candidate" artifact and "ASI" feedback strings.
- Evidence: In the "Context You Receive" section, the skill lists "Current candidate", "ASI", and "Panel deliberation summary" as inputs.
- Ingestion points: The skill reads the full artifact text or workspace path to perform improvements.
- Boundary markers: None explicitly defined in the instructions to separate input data from instructions.
- Capability inventory: The skill has file-write access and command-execution capabilities via the orchestrator's workspace environment.
- Sanitization: No sanitization or filtering of external content is mentioned.
- [COMMAND_EXECUTION]: The skill permits the modification and subsequent execution of evaluator scripts and pipeline code within a workspace.
- Evidence: Found in Workspace Mode step 6: "Evaluator scripts may be modified if the ASI calls for a topology or pipeline change..."
Audit Metadata