simmer-judge-board
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data (candidate artifacts and evaluator outputs) during its judging phases.
- Ingestion points: The skill reads the 'Candidate' artifact, 'Evaluator script' output, and 'Ground truth' data as part of its Phase 1 investigative process.
- Boundary markers: The prompt templates for judges do not include boundary delimiters or instructions to ignore commands embedded within the evaluated content.
- Capability inventory: The skill calls the sub-skill 'simmer:simmer-judge' and performs file read operations on workspace items such as 'config.json' and 'evaluate.sh'.
- Sanitization: There are no mechanisms described for sanitizing or filtering the content of the candidate artifacts before they are provided to the judges.
Audit Metadata