simulation-orchestrator
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates high security awareness through multiple defensive layers and careful handling of external data.
- [COMMAND_EXECUTION]: The
scripts/campaign_manager.pyscript generates shell command strings based on user-provided templates. This is a common pattern for orchestration but is handled safely: - A
_validate_command_templatefunction checks for and rejects dangerous shell operators such as pipes, semicolons, and backgrounding operators. - Configuration paths are validated against a safe-character allowlist (
_SAFE_PATH_PATTERN). - Shell arguments are escaped using
shlex.quote()to prevent injection. - The skill's
allowed-toolsconfiguration inSKILL.mdexplicitly excludesBash, ensuring the agent cannot execute the generated commands itself. - [INDIRECT_PROMPT_INJECTION]: The
scripts/result_aggregator.pyscript processes external simulation result files, which represents a potential indirect prompt injection surface. The script implements comprehensive mitigations: - Ingestion points: Processes JSON result files (e.g.,
result_*.json) produced by external simulations. - Sanitization: The
_sanitize_value()function truncates strings to 500 characters and strips non-printable control characters, preventing large or malicious payloads from entering the agent context. - Validation: The script enforces strict limits: a 10MB maximum file size, a maximum JSON nesting depth of 10, and a regex-validated pattern for metric names.
- Capability inventory: The skill is limited to local file system operations (Read/Write) and cannot perform network operations or direct command execution.
Audit Metadata