neynar
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Implements a shell script (scripts/neynar.sh) that orchestrates API interactions using curl and jq.
- [SAFE]: Accesses the dedicated configuration path ~/.clawdbot/skills/neynar/config.json to retrieve the user's API key and signer UUID.
- [SAFE]: Communicates exclusively with the official Neynar API domain (api.neynar.com) for all Farcaster operations.
- [SAFE]: Employs jq for constructing JSON bodies and encoding URI components in search queries, preventing common injection vulnerabilities in API interactions.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified through ingestion of untrusted Farcaster content.
  - Ingestion points: Cast content and user profile data retrieved from the Neynar API in scripts/neynar.sh.
  - Boundary markers: None present in instructions.
  - Capability inventory: Restricted to Farcaster API interactions (posting, reacting); no arbitrary file access or system command execution.
  - Sanitization: Responses are processed and re-formatted using jq.
Audit Metadata