notte-functions-doctor

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses curl to download Python source code from URLs provided by the notte CLI metadata. This is a core part of its function to retrieve broken scripts for analysis.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the notte CLI to list, show, run, create, update, and delete functions. It also utilizes standard shell utilities like jq, diff, and case for data processing and logic control.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes content from external sources.
  • Ingestion points: The agent reads the content of current_function.py (external code) and the result field from notte functions run (which may contain data scraped from arbitrary websites).
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when reading these external data sources.
  • Capability inventory: The agent has permissions to write files, edit code, and execute powerful CLI commands including notte functions update and notte functions delete.
  • Sanitization: No explicit sanitization or validation of the ingested code or run results is performed before the agent processes them for diagnosis.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 10:56 PM
Security Audit — agent-trust-hub — notte-functions-doctor