Skills
skills/noir-lang/noir/reduce-ssa-repro/Gen Agent Trust Hub

reduce-ssa-repro

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill creates a surface for Indirect Prompt Injection (Category 8) by instructing the agent to read and manually simplify potentially untrusted SSA files.
  • Ingestion points: The agent reads content from input.ssa and writes it to temporary files for processing.
  • Boundary markers: No explicit delimiters or warnings are used to separate the SSA code from the agent's control instructions.
  • Capability inventory: The skill allows execution of the noir-ssa binary via subprocess.run and provides file-system write access for minimization.
  • Sanitization: The SSA content is processed as raw text using regular expressions without validation or escaping of embedded instructions.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run() in scripts/ssa_reduce_common.py and standard shell commands in scripts/reproduce_crash.sh to execute the noir-ssa tool under test. While these calls use argument lists to mitigate direct shell injection, they execute a local binary with parameters influenced by input data and environment variables.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:25 PM