simready-foundation-add-feature

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for repository maintenance, specifically for managing SimReady feature specifications and their associated manifests.
  • [COMMAND_EXECUTION]: The instructions direct the agent to perform standard file system operations, including creating Markdown files and JSON manifests within the project structure. These actions are limited to the specific directories defined in the prerequisites (nv_core/sr_specs/).
  • [REMOTE_CODE_EXECUTION]: No patterns involving remote script downloads, piped execution (e.g., curl|bash), or external dependency installation were found.
  • [DATA_EXFILTRATION]: The skill does not perform network operations or access sensitive system paths (e.g., SSH keys, cloud credentials). All operations are local to the project repository.
  • [INDIRECT_PROMPT_INJECTION]: While the skill ingests user input to generate documentation and other skill files, it operates within a highly structured template environment with clear boundary expectations. There is no evidence of unsafe interpolation that would lead to unauthorized capability execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 01:45 AM
Security Audit — agent-trust-hub — simready-foundation-add-feature