neotex
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill creates a significant Indirect Prompt Injection surface by fetching 'guidelines' and 'decisions' from an external repository and incorporating them into the agent's logic.
  - Ingestion points: Content is ingested through `neotex search`, `neotex get`, and `neotex context open` commands as described in `SKILL.md`.
  - Boundary markers: Absent; there are no instructions provided to the agent to treat retrieved knowledge as untrusted or to isolate it using delimiters.
  - Capability inventory: The skill utilizes CLI commands for searching, reading, and writing to the knowledge base (`neotex add`, `neotex asset add`), which could be abused if poisoned instructions are executed.
  - Sanitization: Absent; the skill does not specify any validation or filtering for the data retrieved from the knowledge base.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on shell command execution (`bash`) to interact with the `neotex` binary and the local filesystem (e.g., `ls .neotex/index.json`). This pattern is a security risk if the agent's interface for executing these commands does not properly sanitize or escape parameters like search queries or file paths.
Recommendations
- AI detected serious security threats
Audit Metadata