simmer

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Recommends installing the eth-account and simmer-mcp Python packages from standard registries to support local transaction signing and service integration.
  • [COMMAND_EXECUTION]: Provides example curl commands for agent registration and API interactions with the api.simmer.markets endpoint.
  • [CREDENTIALS_UNSAFE]: Contains instructions for users to provide their own API keys and private keys via environment variables. The documentation correctly identifies these as sensitive and specifies that private keys for external wallets are used for local signing and never leave the user's environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from external market venues and API-generated briefings, which constitutes an indirect prompt injection surface.
      • Ingestion points: Data returned from the /api/sdk/briefing and /api/sdk/context endpoints.
      • Boundary markers: No explicit delimiters are defined for the agent's interpretation of external data.
      • Capability inventory: Capability to execute trades on behalf of the user and perform network operations to the Simmer API.
      • Sanitization: No automated sanitization is described, but the skill mandates structured reporting to the human user, ensuring human-in-the-loop oversight for generated actions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 22, 2026, 07:18 PM