Skills
skills/neuroskill-com/skills/neuroskill-streaming/Gen Agent Trust Hub

neuroskill-streaming

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses the npx neuroskill command and curl to communicate with a local server hosted at 127.0.0.1:8375 for managing eeg data and device controls.
  • [EXTERNAL_DOWNLOADS]: Leverages the npx utility to download and run the neuroskill package from the NPM registry.
  • [EXTERNAL_DOWNLOADS]: The say command triggers the download of external TTS voice models (~30 MB) upon its first execution.
  • [REMOTE_CODE_EXECUTION]: Performs remote code execution by fetching and running the neuroskill package from the public NPM registry.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection via user-controllable data in broadcast events.
  • Ingestion points: The listen command captures real-time events like label_created, which includes arbitrary user-supplied strings in the text field.
  • Boundary markers: The skill documentation provides no evidence of delimiters or instructions to ignore embedded commands within the processed data streams.
  • Capability inventory: The skill possesses capabilities to speak text aloud, send system notifications, and transmit raw JSON payloads to local infrastructure.
  • Sanitization: No validation or sanitization mechanisms are described for data ingested from the real-time event stream.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 11:39 AM