mirofish-offline-simulation
Fail
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone the project from a non-trusted GitHub repository (github.com/nikmcfly/MiroFish-Offline), which is outside the list of trusted vendors and does not match the author's known infrastructure.
- [REMOTE_CODE_EXECUTION]: The installation process involves running unverified scripts and binaries via docker compose, pip install, and npm install. This grants the downloaded code extensive permissions over the user's environment, potentially allowing arbitrary code execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its document processing feature.
  - Ingestion points: Document text is ingested via the GraphBuilder.build service (SKILL.md).
  - Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the processing logic.
  - Capability inventory: The skill uses Ollama for entity extraction and runs complex agent simulations (SimulationService) that influence agent behavior and report generation.
  - Sanitization: There is no evidence of input sanitization or validation of the ingested document content before LLM processing.
Recommendations
- AI detected serious security threats