skill-neovim-research

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes data from untrusted sources (state.json and .return-meta.json) and uses it to drive shell-based execution logic.
  • Ingestion points: Task metadata and subagent results are read from specs/state.json and specs/.../.return-meta.json.
  • Boundary markers: No delimiters or explicit instructions are provided to the LLM to ignore potentially malicious content within these data fields.
  • Capability inventory: The skill has access to Bash (executing arbitrary shell commands), Edit, Write, and git commands.
  • Sanitization: While jq is used to extract fields, the resulting variables (such as project_name or description) are interpolated directly into shell strings for mkdir, cat, and git commit without robust escaping, creating a potential command injection surface if the input data is compromised.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:44 PM