quality
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes multiple command-line tools including `git`, `go`, and `sh` to inspect the repository and run quality checks. It also uses a vendor-specific tool `noodle` to emit event messages.
- [REMOTE_CODE_EXECUTION]: The skill executes `go test ./...` and `sh scripts/lint-arch.sh`. These commands run code and scripts located within the codebase being reviewed. If the codebase contains untrusted or malicious content (e.g., from an external pull request), this can lead to arbitrary code execution within the agent's runtime environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the repository, such as commit logs, file diffs, and source code, to perform its assessment.
  - Ingestion points: Reads data via `git log`, `git diff`, and direct file reads of changed files and principles.
  - Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the code being reviewed.
  - Capability inventory: The agent has the ability to read files, execute shell commands (`sh`, `go test`), and emit session events via the `noodle` CLI.
  - Sanitization: The skill identifies findings and interpolates them into a JSON payload for the `noodle event emit` command; without proper escaping, malicious content in the code findings could potentially lead to command injection in the final shell execution.
Audit Metadata