oops
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted command output.
  - Ingestion points: In the 'Reproduce' step, the agent is instructed to capture and analyze the exact error output from failing commands (File: SKILL.md).
  - Boundary markers: The instructions lack specific boundary markers or 'ignore' commands to isolate the untrusted command output from the agent's core instructions.
  - Capability inventory: The skill has the capability to modify environment configurations (.noodle.toml), manage persistent files, and commit code changes (File: SKILL.md).
  - Sanitization: There is no mechanism described for sanitizing or validating command output before it is ingested into the agent context.
Audit Metadata