neovim-debugging
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted data from local Neovim configuration files. Evidence Chain:
- Ingestion points: Accesses files in ~/.config/nvim/ using Read, Grep, Glob, and Bash tools.
- Boundary markers: None. The instructions encourage gathering information directly from files without delimiters or warnings to ignore embedded instructions.
- Capability inventory: The skill is granted the 'Bash' tool, which allows for arbitrary command execution.
- Sanitization: No sanitization, validation, or escaping of ingested file content is performed.
- Command Execution (MEDIUM): The skill uses 'nvim --headless -c' to execute Lua code for diagnostics. This executes code within the Neovim environment, which may be influenced by existing (potentially malicious) plugins or configurations.
Recommendations
- AI detected serious security threats
Audit Metadata