neqsim-stid-retriever

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to run local utility scripts, such as devtools/pdf_to_figures.py and devtools/stid_download.py. These tools are part of the local project repository and are used to process documents within the restricted task workspace.
  • [EXTERNAL_DOWNLOADS]: The skill provides an interface for retrieving documents from external document management systems like STID. These downloads are a core function of the skill and target organizational engineering resources for authorized vendor use.
  • [CREDENTIALS_UNSAFE]: Credential security is handled according to best practices. No hardcoded secrets are present, and the documentation explicitly directs the use of a gitignored configuration file (devtools/doc_retrieval_config.yaml) for managing authentication settings for retrieval backends.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data extracted from external documents (PDFs and images). While this represents a theoretical ingestion surface for untrusted data, the extracted information is used for engineering simulation and analysis rather than being interpolated into system instructions, resulting in no active threat.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 08:39 AM
Security Audit — agent-trust-hub — neqsim-stid-retriever