spice-sim
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
pcb simCLI tool to execute simulations on user-defined design files.\n- [EXTERNAL_DOWNLOADS]: The workflow involves acquiring SPICE models from external vendor sources to define component behavior during simulation.\n- [COMMAND_EXECUTION]: The simulation setup uses raw ngspice commands, such as.controlandtran, which are passed directly to the simulation engine.\n- [PROMPT_INJECTION]: The skill defines a potential surface for indirect prompt injection by interpolating user-defined part names and scenarios into SPICE command strings.\n - Ingestion points: User-provided component names and scenario strings used in Zener design files (SKILL.md).\n
- Boundary markers: Simulation command blocks are contained within triple-quoted strings.\n
- Capability inventory: Execution of external commands through
pcb simand generation of SVG output files.\n - Sanitization: The instruction templates do not specify sanitization or validation logic for the interpolated strings.
Audit Metadata