simulator-automation
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to the ingestion of external application data.
- Ingestion points: The skill reads console logs, exceptions, and failed network requests from the simulator webview via the
/api/consoleendpoint inSKILL.md. - Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat content from the logs as untrusted or to ignore instructions embedded within them.
- Capability inventory: The agent is granted capabilities such as
Bash,Write, andEdit, which could be exploited if the agent follows malicious instructions found in the logs. - Sanitization: No filtering or sanitization of the log content is described or implemented to prevent the processing of potential injection payloads.
Audit Metadata