simmer-judge

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to process untrusted external data, specifically a 'candidate artifact' and 'evaluator output'. This constitutes an attack surface for indirect prompt injection, where malicious instructions could be embedded in the data being judged to influence the agent's scoring or next-step recommendations.
    • Ingestion points: Untrusted data enters the agent context through the 'Current candidate' artifact and the 'Evaluator output' (logs, test results, etc.) provided by the orchestrator as described in SKILL.md.
    • Boundary markers: The skill instructions do not specify any XML delimiters or 'ignore' instructions for the ingested data; it relies on the orchestrator's implementation.
    • Capability inventory: The skill's primary function is to generate text-based scores and reasoning. It does not include direct capabilities for network access, file system modification, or command execution within the provided instructions.
    • Sanitization: There are no instructions for sanitizing or escaping the candidate content or evaluator output before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 01:30 AM