simmer-judge-board
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from candidate artifacts and evaluator results, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: The agent panel is instructed in SKILL.md to investigate the 'current candidate' files, 'evaluator script' (e.g., ./evaluate.sh), and 'prior candidates'.
  - Boundary markers: The instruction set uses logical phase dividers (e.g., '─── STEP 1: INVESTIGATE ───') but does not include explicit safety directives for the model to ignore instructions embedded within the processed external data.
  - Capability inventory: The skill's output (consensus scores and ASI) is designed to be consumed by an orchestrator and a generator that can modify workspace files and potentially execute local shell scripts.
  - Sanitization: No validation, sanitization, or escaping of the content from candidate files or evaluator outputs is defined in the skill instructions.
Audit Metadata