simpy
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The analyzed files consist of a legitimate Python simulation script and educational markdown documentation. No security threats were identified across any of the monitored categories.
- [Prompt Injection] (SAFE): No instructional overrides or bypass attempts detected.
- [Data Exposure & Exfiltration] (SAFE): No access to sensitive file paths (~/.ssh, ~/.aws) or network operations to untrusted domains were found.
- [Obfuscation] (SAFE): No Base64, zero-width characters, or homoglyphs were detected; all content is in plain text.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill uses 'simpy', a well-known simulation library. No piped remote execution or suspicious package installations are present.
- [Privilege Escalation] (SAFE): No use of sudo, chmod, or administrative commands.
- [Persistence Mechanisms] (SAFE): No modifications to shell profiles, cron jobs, or startup services.
- [Metadata Poisoning] (SAFE): Metadata is consistent with the simulation utility purpose.
- [Indirect Prompt Injection] (SAFE): The skill does not ingest untrusted external data that could influence agent behavior.
- [Time-Delayed / Conditional Attacks] (SAFE): Logical conditions are restricted to standard simulation parameters.
- [Dynamic Execution] (SAFE): No use of eval(), exec(), or runtime compilation.
Audit Metadata