neqsim-stid-retriever
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands to run local utility scripts, such as
devtools/pdf_to_figures.pyanddevtools/stid_download.py. These tools are part of the local project repository and are used to process documents within the restricted task workspace. - [EXTERNAL_DOWNLOADS]: The skill provides an interface for retrieving documents from external document management systems like STID. These downloads are a core function of the skill and target organizational engineering resources for authorized vendor use.
- [CREDENTIALS_UNSAFE]: Credential security is handled according to best practices. No hardcoded secrets are present, and the documentation explicitly directs the use of a gitignored configuration file (
devtools/doc_retrieval_config.yaml) for managing authentication settings for retrieval backends. - [INDIRECT_PROMPT_INJECTION]: The skill processes data extracted from external documents (PDFs and images). While this represents a theoretical ingestion surface for untrusted data, the extracted information is used for engineering simulation and analysis rather than being interpolated into system instructions, resulting in no active threat.
Audit Metadata