nodel-use
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill exposes the `/REST/nodes/{nodeName}/exec` (POST) and `/REST/nodes/{nodeName}/eval` (GET) endpoints. These allow the direct execution of arbitrary Python code and expressions on the host machine running the Nodel framework.
- [COMMAND_EXECUTION] (HIGH): The skill provides tools for administrative persistence and destructive actions, specifically the `/REST/nodes/{nodeName}/script/save` endpoint for overwriting the node's logic and the `/remove?confirm=true` endpoint for deleting nodes.
- [DATA_EXFILTRATION] (MEDIUM): The skill facilitates the retrieval of sensitive information, including full script source code via `/REST/nodes/{nodeName}/script/raw` and configuration parameters via `/REST/nodes/{nodeName}/params`, which may contain device credentials or internal network topology.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8):
  - Ingestion points: The agent is instructed to read `console` logs, `activity` logs, and `files/contents` (File: references/rest-api.md).
  - Boundary markers: Absent; there are no instructions to delimit or ignore instructions within these data sources.
  - Capability inventory: Extensive high-privilege capabilities including arbitrary Python execution (`exec`), script overwriting (`script/save`), and node deletion (`remove`) (File: SKILL.md).
  - Sanitization: Absent; the skill does not suggest any validation of the content retrieved from logs before processing or acting upon it.
  - Risk: An attacker-controlled external device could generate log messages containing instructions that the agent then executes using its RCE capabilities.
Recommendations
- AI detected serious security threats
Audit Metadata