The Agent Skills Directory

[SAFE]: The skill operates entirely within a secure sandbox using only Python standard library modules. No external dependencies or remote script executions are involved.
[SAFE]: Command injection protections are implemented in scripts/campaign_manager.py. The _validate_command_template function uses regular expressions to block dangerous shell operators (e.g., ;, |, &, backticks), and shlex.quote() is applied to all file paths before they are interpolated into shell commands.
[SAFE]: The skill incorporates robust defenses against malicious or malformed data in scripts/result_aggregator.py. It enforces a 10MB file size limit (MAX_RESULT_FILE_SIZE) and a maximum JSON nesting depth of 10 (MAX_JSON_DEPTH) to prevent resource exhaustion or stack overflow attacks.
[SAFE]: To mitigate indirect prompt injection, scripts/result_aggregator.py includes a _sanitize_value function that truncates strings from external result files and strips control characters, preventing malicious payloads from influencing the agent's behavior.
[SAFE]: The skill limits its own privilege by requesting only a minimal set of tools (Read, Write, Grep, Glob) and explicitly excluding the Bash tool, ensuring the agent cannot autonomously execute the commands it generates for the user.

simulation-orchestrator