notte-functions-doctor
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
curlto download Python source code from URLs provided by thenotteCLI metadata. This is a core part of its function to retrieve broken scripts for analysis. - [COMMAND_EXECUTION]: The skill makes extensive use of the
notteCLI to list, show, run, create, update, and delete functions. It also utilizes standard shell utilities likejq,diff, andcasefor data processing and logic control. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes content from external sources.
- Ingestion points: The agent reads the content of
current_function.py(external code) and theresultfield fromnotte functions run(which may contain data scraped from arbitrary websites). - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when reading these external data sources.
- Capability inventory: The agent has permissions to write files, edit code, and execute powerful CLI commands including
notte functions updateandnotte functions delete. - Sanitization: No explicit sanitization or validation of the ingested code or run results is performed before the agent processes them for diagnosis.
Audit Metadata