add-neon-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill identifies and modifies AI-specific instruction files such as
CLAUDE.md,AGENTS.md, and Cursor rules files. These files are used to define an agent's operating context and behavioral constraints. By inserting external, non-static URLs into these files, the skill creates a persistent surface for indirect prompt injection. - Ingestion points: The skill modifies files (
CLAUDE.md,AGENTS.md,.cursor/rules.md) that are natively ingested as high-priority instructions by AI agents like Claude Code or Cursor. - Boundary markers: The skill appends the resource links without using delimiters or instructions that would prevent a future agent from obeying malicious instructions embedded in the linked remote documentation.
- Capability inventory: The skill uses
writeandbashtool permissions to modify the project environment and persistent configuration files. - Sanitization: No sanitization or validation is performed on the URLs or descriptive text retrieved from the
skill-knowledge-map.jsonmetadata before it is written into project-level instruction files.
Audit Metadata