microsim-utils
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process untrusted external content from MicroSim directories.
- Ingestion points: Reads user-supplied main.html, index.md, and *.js files within the docs/sims/ directory structure for validation and indexing.
- Boundary markers: Absent; the skill lacks delimiters or instructions to treat MicroSim content strictly as data, increasing the risk of the agent obeying instructions embedded in the analyzed code.
- Capability inventory: Possesses significant side-effect capabilities, including writing PNG files, generating icons, and modifying the project's mkdocs.yml navigation structure.
- Sanitization: Absent; no sanitization or validation of the external content is described before it is processed by the agent or automation tools.
- [Command Execution] (MEDIUM): The skill documentation explicitly mentions using 'Chrome headless mode' for 'screen-capture.md'. Execution of browser automation against untrusted local HTML/JS is a known vector for local file access or further exploitation if the browser environment is not strictly sandboxed.
- [Unverifiable Logic] (MEDIUM): The core operational logic for each utility is stored in external files (e.g., references/standardization.md, references/screen-capture.md). The main SKILL.md acts only as a router, meaning the exact commands and safety boundaries implemented in those reference files are unverified in this analysis.
Recommendations
- AI detected serious security threats
Audit Metadata