neon-postgres
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it is designed to fetch and process external documentation directly from neon.com.
- Ingestion points: Fetches markdown content from URLs such as https://neon.com/docs/introduction/branching.md and the documentation index at https://neon.com/docs/llms.txt (SKILL.md).
- Capability inventory: The skill has the capability to execute SQL queries, manage database branches via the Neon CLI, and modify local configuration files like .env (getting-started.md, neon-cli.md).
- Boundary markers: The skill does not implement specific boundary markers or instructions to ignore embedded commands within the fetched external documentation.
- Sanitization: There is no explicit sanitization or validation of the fetched remote content before it is incorporated into the agent's context.
- [COMMAND_EXECUTION]: The skill facilitates the installation and execution of official Neon developer tools using standard package managers.
- Evidence: Instructions for running npx neonctl@latest init to configure the local environment and MCP server (devtools.md).
- Evidence: Guidance for installing the Neon CLI via Homebrew (brew install neonctl) or npm (npm install -g neonctl) (neon-cli.md).
- [DATA_EXFILTRATION]: The skill accesses local environment files to manage database credentials. While this is the intended functionality for project setup, it involves sensitive file access.
- Evidence: Instructions to read, update, or append the DATABASE_URL and NEON_AUTH_COOKIE_SECRET to the .env file (getting-started.md).
- [EXTERNAL_DOWNLOADS]: The skill retrieves documentation assets and resource indexes from the vendor's official domain.
- Evidence: Downloads markdown documentation from https://neon.com/docs/ for real-time reference updates.
Audit Metadata