neutralinojs
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The Neutralino.os namespace (references/api/os.md) exposes execCommand and spawnProcess, which allow for the execution of arbitrary shell commands.
- [REMOTE_CODE_EXECUTION] (HIGH): The Neutralino.updater API (references/api/updater.md) provides an install() method that downloads and replaces application resources from a remote URL, enabling remote code execution by design.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The neu CLI (references/cli/neu-cli.md) and updater API download resources from external sources including npm, GitHub, and developer-specified URLs.
- [PROMPT_INJECTION] (LOW): Exposure to indirect prompt injection via clipboard reading and external data ingestion. Evidence:
  1. Ingestion points: references/api/clipboard.md (readText, readHTML)
  2. Boundary markers: references/api/overview.md (Native Allowlist/Blocklist)
  3. Capability inventory: references/api/os.md (execCommand, spawnProcess)
  4. Sanitization: framework-level permission checks (One-Time Token)
Recommendations
- AI detected serious security threats
Audit Metadata