Skill: skills/poteto/noodle/schedule

Result: Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill explicitly directs the agent to "Operate fully autonomously" and "Never ask the user to choose or pause for confirmation," bypassing standard human-in-the-loop safety protocols.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting potentially untrusted data to generate task prompts.
      • Ingestion points: Data is read from .noodle/mise.json (backlog items and event payloads) and files within brain/plans/.
      • Boundary markers: Absent; there are no instructions to the model to treat external data as untrusted or to ignore embedded commands.
      • Capability inventory: The skill can perform filesystem writes (.noodle/orders-next.json) and execute CLI commands via noodle.
      • Sanitization: Absent; external titles, descriptions, and event data are interpolated directly into task prompts and the extra_prompt field.
  • [COMMAND_EXECUTION]: The skill utilizes the noodle CLI to perform operations such as noodle schema mise and noodle adapter run backlog add.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 01:34 AM