neuroskill-search
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill defines commands that use npx and curl to interact with a local neuro-analysis service running on 127.0.0.1.
- [EXTERNAL_DOWNLOADS]: The skill references the neuroskill package, which is downloaded from the npm registry via npx. The npm registry is a well-known service, and the package is associated with the skill-authoring organization.
- [PROMPT_INJECTION]: The skill processes user-defined data fields such as labels in search results, which presents a surface for indirect prompt injection if an agent interprets these strings as instructions.
  1. Ingestion points: The labels[].text field within the search result JSON object in SKILL.md.
  2. Boundary markers: Absent in the provided examples.
  3. Capability inventory: The skill uses npx for package execution and curl for local network requests.
  4. Sanitization: Not described in the skill documentation.