neon-serverless
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill references a remote configuration/documentation file from a GitHub repository not on the trusted list.
- Evidence: SKILL.md references 'https://raw.githubusercontent.com/neondatabase-labs/ai-rules/main/neon-serverless.mdc'.
- Impact: Per [TRUST-SCOPE-RULE], while the source appears legitimate for the database provider, it is not within the defined trusted organization scope and represents a remote dependency.
- INDIRECT_PROMPT_INJECTION (MEDIUM): The skill provides templates for database interaction that lack proper sanitization for dynamic identifiers.
- Ingestion Points: The
updateUserfunctions intemplates/http-connection.tsandtemplates/websocket-pool.tsprocess object keys from potentially untrusted inputs. - Boundary Markers: None present.
- Capability Inventory: The skill has 'bash' access and the ability to execute write/delete queries against a database.
- Sanitization: Absent. The templates interpolate keys directly into the SQL string (e.g.,
${key} = $${i + 1}). If an agent uses these templates with user-controlled object keys, it creates a SQL injection vulnerability. - DATA_EXFILTRATION (INFO): The diagnostic script prints database metadata to the console.
- Evidence:
scripts/validate-connection.tslogs hostname, database user, and table counts to stdout. - Impact: Minimal risk as this is the intended diagnostic behavior, but users should be aware of sensitive info in logs.
Audit Metadata