skills/poteto/noodle/oops/Gen Agent Trust Hub

oops

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE

Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted error messages and logs.
    1. Ingestion points: Shell command error outputs, .noodle/ state files, and .noodle.toml configuration files as described in SKILL.md.
    2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the fix flow.
    3. Capability inventory: The skill directs the agent to perform command execution for reproduction and verification, file system writes to apply fixes, and git commits to persist changes.
    4. Sanitization: No logic for sanitizing or validating command output is specified.
  • [COMMAND_EXECUTION]: The skill's reproduction and verification steps require the agent to execute arbitrary shell commands derived from the failing project context.
  • [NO_CODE]: The skill consists entirely of markdown instructions and does not include any Python or Node.js scripts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 01:35 AM