debug-fuzzer-failure

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill directs the agent to ingest untrusted data from GitHub Actions logs, which creates a significant injection surface.
      • Ingestion points: GitHub Actions job logs accessed via WebFetch and the gh run view command.
      • Boundary markers: Absent. There are no instructions for the agent to use delimiters or to disregard embedded instructions within the 'Program:' or 'Inputs:' sections of the logs.
      • Capability inventory: The agent has access to Bash (shell execution), Write (file modification), and WebFetch (network requests), allowing an injected instruction to perform side effects.
      • Sanitization: Absent. The workflow expects the agent to extract and interact with code found in the untrusted logs.
  • Command Execution (MEDIUM): The skill relies on the Bash tool to execute gh and nargo commands. This capability, combined with the lack of sanitization on the data being processed, allows for the execution of arbitrary commands if an attacker successfully injects instructions into the fuzzer logs.
  • Unverifiable Dependencies (MEDIUM): The skill references the sub-skills extract-fuzzer-repro and bisect-ssa-pass, which are not included in this analysis. These dependencies represent unverified logic that could have additional security implications.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:33 PM