simmer-generator
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection via its feedback-driven design.
  - Ingestion points: Processed artifacts ('Current candidate') and external feedback ('ASI' - Artificial Super Intelligence direction) are ingested as natural language instructions (SKILL.md).
  - Boundary markers: The instructions do not define boundary markers or delimiters to isolate untrusted data from the agent's control logic.
  - Capability inventory: The skill has the authority to write to the file system, modify existing scripts, and execute shell commands (SKILL.md).
  - Sanitization: No sanitization or verification protocols are mentioned for the external feedback before it is used to drive workspace changes.
- [COMMAND_EXECUTION]: The skill is instructed to execute shell commands provided in the 'VALIDATION_COMMAND' field of the setup brief to verify infrastructure changes and pipeline integrity (SKILL.md).
- [REMOTE_CODE_EXECUTION]: The skill is designed to modify evaluator scripts and infrastructure configurations ('evaluator scripts may be modified', 'switching models'), which results in the execution of agent-generated code during the evaluation cycle (SKILL.md).