noir-optimize-acir
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Command Execution (SAFE): The skill utilizes the Bash tool to execute
nargo compileandbb gates. These are standard tools for compiling Noir circuits and measuring their gate count. As these operations are the primary purpose of the skill, the behavior is considered acceptable within the intended context.\n- Indirect Prompt Injection (LOW): The skill demonstrates an attack surface for indirect prompt injection through project-controlled data.\n - Ingestion points: The agent is instructed to use package names and function names (e.g., from
Nargo.tomlor file exports) as arguments in shell commands.\n - Boundary markers: Absent. There are no instructions for the agent to use delimiters or ignore instructions found within the project files it reads.\n
- Capability inventory: The skill allows Bash execution, file reading, and globbing, providing a vector to escalate data ingestion into command execution.\n
- Sanitization: Absent. There is no validation or escaping logic to ensure that package or function names do not contain shell metacharacters (e.g.,
;,|,&&), which could lead to arbitrary command injection if a user processes a malicious project.
Audit Metadata