neon-js
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill exhibits a surface for Indirect Prompt Injection by dynamically fetching and following instructions from remote sources.
- Ingestion points: The agent is instructed in
SKILL.mdto load and follow guides from theneondatabase-labs/ai-rulesrepository (e.g.,guides/setup.md,references/code-generation-rules.md). - Boundary markers: Absent. There are no delimiters or warnings to ignore malicious instructions that might be embedded in the external content.
- Capability inventory: The skill allows the use of
bashandwrite, which means instructions from the external guides could lead to arbitrary command execution or file modifications on the user's system. - Sanitization: Absent. The agent processes the fetched markdown content directly to drive its workflow.
- EXTERNAL_DOWNLOADS (LOW): The skill references multiple external documentation and configuration files from the
neondatabase-labsGitHub organization. Per the analysis policy, this organization is not on the trusted list. While the skill fetches documentation rather than executable binaries, these files serve as the primary logic for the agent's setup tasks.
Audit Metadata