simulation-orchestrator

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill demonstrates high security awareness through multiple defensive layers and careful handling of external data.
  • [COMMAND_EXECUTION]: The scripts/campaign_manager.py script generates shell command strings based on user-provided templates. This is a common pattern for orchestration but is handled safely:
  • A _validate_command_template function checks for and rejects dangerous shell operators such as pipes, semicolons, and backgrounding operators.
  • Configuration paths are validated against a safe-character allowlist (_SAFE_PATH_PATTERN).
  • Shell arguments are escaped using shlex.quote() to prevent injection.
  • The skill's allowed-tools configuration in SKILL.md explicitly excludes Bash, ensuring the agent cannot execute the generated commands itself.
  • [INDIRECT_PROMPT_INJECTION]: The scripts/result_aggregator.py script processes external simulation result files, which represents a potential indirect prompt injection surface. The script implements comprehensive mitigations:
  • Ingestion points: Processes JSON result files (e.g., result_*.json) produced by external simulations.
  • Sanitization: The _sanitize_value() function truncates strings to 500 characters and strips non-printable control characters, preventing large or malicious payloads from entering the agent context.
  • Validation: The script enforces strict limits: a 10MB maximum file size, a maximum JSON nesting depth of 10, and a regex-validated pattern for metric names.
  • Capability inventory: The skill is limited to local file system operations (Read/Write) and cannot perform network operations or direct command execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 03:17 PM
Security Audit — agent-trust-hub — simulation-orchestrator