simmer-skill-builder
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest untrusted user content, such as strategy descriptions, tweets, or external API documentation, to generate executable Python code. There is a risk that malicious input could influence the generated logic to perform unauthorized trading actions or exfiltrate data.
  - Ingestion points: Strategy descriptions, tweet contents, and external API documentation (SKILL.md).
  - Boundary markers: None specified for the untrusted input in the code generation instructions.
  - Capability inventory: Generated scripts have access to network operations via `urllib` and trading capabilities via the `simmer-sdk` (references/skill-template.md).
  - Sanitization: No explicit sanitization or validation of the input strategy text is described.
- [EXTERNAL_DOWNLOADS]: The skill workflow involves downloading and executing the ClawHub CLI tool via `npx clawhub@latest` and requires the installation of the `simmer-sdk` Python package. These are established vendor resources used for publishing and core functionality.
- [COMMAND_EXECUTION]: The instructions direct the agent to execute a local validation script (`scripts/validate_skill.py`) and the `npx` command to publish the generated skill to an external registry.
- [DATA_EXFILTRATION]: The generated trading skills are configured to interact with external APIs, including `api.simmer.markets` and `clob.polymarket.com`. This requires the use of the `SIMMER_API_KEY` environment variable. While these operations are fundamental to the skill's purpose, they involve handling sensitive credentials and performing external network requests.
Audit Metadata