neovim
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security threats detected. The skill focuses on Neovim configuration management with well-defined boundaries.
- Command Execution (SAFE): The skill uses vhs to execute a specific, static tape file (neovim.tape). This is used for visual regression testing and is restricted to opening Neovim and taking a screenshot.
- Data Exposure (SAFE): While the skill accesses dotfiles in the user's home directory (~/dev/dotfiles/), it does not attempt to access sensitive credentials (like SSH keys or AWS tokens) or send any data over the network.
- Prompt Injection (SAFE): The use of 'CRITICAL' markers in the documentation is for operational safety (preventing the agent from disrupting the user's active terminal session) rather than attempting to bypass AI safety guardrails.
- Indirect Prompt Injection (LOW): As a configuration editing skill, it processes untrusted files. However, it mandates the use of a static verification script and provides clear instructions to avoid affecting the user's live environment, mitigating standard risks.
Audit Metadata