skill-neovim-implementation
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill heavily utilizes Bash commands to manage the implementation lifecycle, including state updates and version control automation.
- Evidence: Stages 1, 2, 7, and 9 use
jq,sed, andgitto read task data, update statuses instate.json, and commit changes to the repository. - Context: The execution is restricted to the local workspace and uses
jq --argfor safe interpolation of variables into JSON structures. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes data from potentially untrusted sources.
- Ingestion points: Reads project metadata from
specs/state.jsonand completion data (summaries, roadmap items) from a subagent-generated.return-meta.jsonfile. - Boundary markers: The prompt for the
neovim-implementation-agentsubagent is constructed from context variables without explicit boundary markers or instructions to disregard embedded commands. - Capability inventory: The skill has access to
Bash,Edit,Write, andTasktools, allowing for command execution and file manipulation based on the ingested data. - Sanitization: While the skill uses
jqto handle JSON data safely, it does not perform sanitization or validation on the content of theproject_nameor subagent-provided summaries before they are used in path construction or committed to Git.
Audit Metadata