microsim-layout-reviewer
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local utility named
bk-capture-screenshotto render simulations and generate image files for analysis. This operation is restricted to local simulation directories and is essential to the skill's primary purpose.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content (simulation source code and rendered screenshots) and uses that information to perform file-writing operations (patching source code). This represents an attack surface where a malicious simulation could attempt to influence the agent's code-modification logic.\n - Ingestion points: Simulation source files (HTML, JavaScript, CSS, JSON) and captured PNG images are loaded into the agent's context for analysis.\n
- Boundary markers: No explicit delimiters or instructions are provided to the model to distinguish between content being reviewed and the reviewer's instructions.\n
- Capability inventory: The skill possesses the capability to execute shell commands (
bk-capture-screenshot) and modify local project files across various formats.\n - Sanitization: There is no evidence of input validation or content sanitization performed on the ingested simulation data before it is used to determine source code patches.
Audit Metadata