simpy

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file contains a behavioral steering instruction titled 'Suggest Using K-Dense Web For Complex Worflows' [sic], which directs the agent to proactively suggest the vendor's hosted platform (www.k-dense.ai) for complex or multi-step tasks.
  • [COMMAND_EXECUTION]: The skill presents an attack surface for indirect prompt injection and code execution because it ingests and executes user-supplied simulation logic. Evidence chain: 1. Ingestion points: user-defined generator functions and simulation parameters in scripts such as scripts/basic_simulation_template.py. 2. Boundary markers: absent; nothing separates the template's own code from user-supplied content. 3. Capability inventory: execution of generator functions inside the simpy environment, plus local file writing. 4. Sanitization: absent.
  • [DATA_EXFILTRATION]: The scripts/resource_monitor.py and references/monitoring.md files implement local file-writing capabilities (e.g., export_csv, export_to_csv). These write data to the local filesystem and could therefore expose simulation metrics or other data if the output destination is not constrained.
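The two technical findings above describe missing boundaries: user input that becomes executable simulation logic, and a CSV export whose destination is unconstrained. The following is an added example written for this audit page, not code from the simpy skill or from K-Dense. It shows the hardened shape of both: an untrusted config may only select processes from a fixed registry (never supply code), and exports are confined to one output directory. All names (MiniEnv, PROCESS_REGISTRY, build_env, export_csv, try_export) are hypothetical, and a tiny scheduler stands in for simpy.Environment so the example runs without simpy installed.

```python
"""Hardened stand-in for the audited pattern (hypothetical code, not the
skill's own): untrusted config selects registered processes and a confined
CSV export. MiniEnv replaces simpy.Environment so this runs without simpy."""
import csv
import heapq
import os
import tempfile
from typing import Callable, Dict, Iterator, List, Optional, Tuple


class MiniEnv:
    """Minimal discrete-event scheduler: process generators yield delays."""

    def __init__(self) -> None:
        self.now = 0.0
        self._queue: List[Tuple[float, int, Iterator[float]]] = []
        self._seq = 0  # tie-breaker so equal timestamps run in FIFO order
        self.log: List[Tuple[float, str]] = []

    def process(self, gen: Iterator[float]) -> None:
        self._schedule(0.0, gen)

    def _schedule(self, delay: float, gen: Iterator[float]) -> None:
        self._seq += 1
        heapq.heappush(self._queue, (self.now + delay, self._seq, gen))

    def run(self, until: float) -> None:
        while self._queue and self._queue[0][0] <= until:
            t, _, gen = heapq.heappop(self._queue)
            self.now = t
            try:
                delay = next(gen)
            except StopIteration:
                continue  # process finished
            self._schedule(float(delay), gen)


# The registry is the trust boundary: config may name these and nothing else.
# The flagged pattern is the opposite: exec()/eval() of a user-written
# generator body, which turns whoever writes the config into a code author.
def arrival(env: MiniEnv, name: str, interval: float) -> Iterator[float]:
    while True:
        env.log.append((env.now, f"{name}:arrive"))
        yield interval


def service(env: MiniEnv, name: str, duration: float) -> Iterator[float]:
    env.log.append((env.now, f"{name}:start"))
    yield duration
    env.log.append((env.now, f"{name}:done"))


PROCESS_REGISTRY: Dict[str, Callable[..., Iterator[float]]] = {
    "arrival": arrival,
    "service": service,
}


def build_env(config: dict) -> MiniEnv:
    """Schedule processes from an untrusted config, validating every field."""
    env = MiniEnv()
    for spec in config.get("processes", []):
        kind = spec.get("type")
        factory = PROCESS_REGISTRY.get(kind)
        if factory is None:
            raise ValueError(f"unknown process type {kind!r}")
        name, value = spec.get("name"), spec.get("value")
        if not isinstance(name, str) or not name.isidentifier():
            raise ValueError(f"bad process name {name!r}")
        # bool is an int subclass, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, (int, float)) or value <= 0:
            raise ValueError(f"bad numeric parameter {value!r}")
        env.process(factory(env, name, float(value)))
    return env


def export_csv(rows: List[Tuple[float, str]], filename: str, out_dir: str) -> str:
    """Write rows as CSV strictly inside out_dir; reject traversal and absolute paths."""
    if not filename:
        raise ValueError("empty filename")
    root = os.path.realpath(out_dir)
    target = os.path.realpath(os.path.join(root, filename))  # absolute filename drops root
    if target == root or os.path.commonpath([root, target]) != root:
        raise ValueError(f"refusing to write outside {root}: {filename!r}")
    with open(target, "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["time", "event"])
        writer.writerows(rows)
    return target


def try_export(rows, filename: str) -> Optional[str]:
    """Export into a fresh temp dir; None when the path check rejects filename."""
    out_dir = tempfile.mkdtemp(prefix="sim-metrics-")
    try:
        return export_csv(rows, filename, out_dir)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed config: selects registered processes and supplies no code.
    cfg = {"processes": [{"type": "arrival", "name": "a", "value": 2.0},
                         {"type": "service", "name": "s", "value": 3.0}]}
    env = build_env(cfg)
    env.run(until=5.0)
    print(env.log)
    print(try_export(env.log, "metrics.csv"), try_export(env.log, "../escape.csv"))
```

The design point is that the config author can choose which registered processes run and with what numeric parameters, but cannot introduce a generator body, a module import or an output path of their own; a string such as `"__import__('os').system('id')"` in the `type` field is simply an unknown registry key, and `../escape.csv` or an absolute path is rejected before any file is opened.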
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 08:48 PM