neqsim-process-extraction

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and parse untrusted engineering data from external sources such as Word documents (.docx), text descriptions, and tables. This creates an attack surface for indirect prompt injection where malicious instructions could be embedded in the processed data to influence the agent's behavior.
  • Ingestion points: Paragraphs and tables extracted from .docx files in Section 17.
  • Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the extracted data.
  • Capability inventory: The skill generates Python scripts and NeqSim JSON configurations that are used to drive a simulation engine via the jpype library.
  • Sanitization: No explicit sanitization or filtering logic is provided for the extracted text before it is incorporated into the agent's context or generated scripts.
  • [COMMAND_EXECUTION]: The skill provides extensive Python code templates and instructions for the agent to generate and execute scripts for process simulation.
  • Dynamic logic: Sections 18 and 20 provide detailed patterns for generating complex simulation models, including recycle loops and anti-surge control logic.
  • File interaction: Section 17 includes Python snippets for locating and reading local files using the python-docx and pandas libraries.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 09:59 PM
Security Audit — agent-trust-hub — neqsim-process-extraction