neynar
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (CRITICAL): Automated security scans identified https://docs.farcaster.xyz and docs.farcaster.xyz as malicious (Blacklisted). While these are official project domains, the explicit security detection requires a critical verdict.
- CREDENTIALS_UNSAFE (MEDIUM): The skill's setup instructions direct users to save sensitive NEYNAR_API_KEY and signerUuid values into a local configuration file. This creates a risk of credential exposure if the local environment is not properly secured.
- PROMPT_INJECTION (LOW): The skill processes untrusted external content from Farcaster social feeds. (1) Ingestion Points: User lookups, feed retrieval, and search results. (2) Boundary Markers: None present to distinguish data from instructions. (3) Capability Inventory: The skill can perform network requests and state-changing actions like posting and following. (4) Sanitization: No evidence of data cleaning or sanitization.
- COMMAND_EXECUTION (LOW): The skill utilizes a local script (scripts/neynar.sh) and system binaries (curl, jq). The lack of the script's source code in the provided file prevents a full security audit of its internal command handling.
Recommendations
- AI detected serious security threats
- Contains 2 malicious URL(s) - DO NOT USE