sim-obliterator

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/setup.py script automatically clones an external repository from https://github.com/DnfJeff/SimObliterator_Suite.git. This repository is a third-party dependency not managed within the primary skill infrastructure.
  • [REMOTE_CODE_EXECUTION]: The setup script executes pip install -r requirements.txt against the contents of the cloned repository and then runs a Python verification string (python -c) that imports and executes code from the newly downloaded source.
  • [COMMAND_EXECUTION]: The scripts/setup.py file uses the subprocess.run function to execute multiple shell commands, including git clone, python -m venv, and pip install, to set up the execution environment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface where untrusted data could influence agent behavior.
      • Ingestion points: The skill processes binary .iff save files via the INSPECT and UPLIFT methods (referenced in SKILL.md).
      • Boundary markers: No delimiters or instructions are present to prevent the agent from obeying instructions that might be embedded in the save file's character data (e.g., in character names or descriptions).
      • Capability inventory: The skill is permitted to use run_terminal_cmd, read_file, and write_file tools, which could be misused if a character's data successfully injects instructions.
      • Sanitization: There is no evidence of sanitization or filtering of the binary data before it is parsed and used to enrich character profiles via the LLM.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 7, 2026, 07:37 PM