microsim-layout-reviewer

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a local utility named bk-capture-screenshot to render simulations and generate image files for analysis. This operation is restricted to local simulation directories and is essential to the skill's primary purpose.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content (simulation source code and rendered screenshots) and uses that information to perform file-writing operations (patching source code). This represents an attack surface where a malicious simulation could attempt to influence the agent's code-modification logic.\n
  • Ingestion points: Simulation source files (HTML, JavaScript, CSS, JSON) and captured PNG images are loaded into the agent's context for analysis.\n
  • Boundary markers: No explicit delimiters or instructions are provided to the model to distinguish between content being reviewed and the reviewer's instructions.\n
  • Capability inventory: The skill possesses the capability to execute shell commands (bk-capture-screenshot) and modify local project files across various formats.\n
  • Sanitization: There is no evidence of input validation or content sanitization performed on the ingested simulation data before it is used to determine source code patches.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 03:36 PM
Security Audit — agent-trust-hub — microsim-layout-reviewer