neon-toolkit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill directs the user to install the `@neondatabase/toolkit` package and references remote documentation from a non-whitelisted source. Evidence: `npm install @neondatabase/toolkit` and `https://raw.githubusercontent.com/neondatabase-labs/ai-rules/main/neon-toolkit.mdc` in `SKILL.md`.
- CREDENTIALS_UNSAFE (LOW): The automation script handles sensitive database URLs by writing them to local files and logging them to the terminal. Evidence: `scripts/create-ephemeral-db.ts` writes `db.url` to `.env.development` and `.ephemeral-db-info.json`, and logs it to stdout, which may expose database passwords in shell history or CI logs.
Audit Metadata