neta-elementum

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
[EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [PROMPT_INJECTION] [DATA_EXFILTRATION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the latest version of the vendor's package (@talesofai/neta-skills) from the NPM registry using npx. This is the official distribution method for the author's tools.
  • [COMMAND_EXECUTION]: Executes shell commands via npx to manage visual tokens and perform user authentication. The commands are necessary for the skill's advertised features.
  • [PROMPT_INJECTION]: Ingests user-supplied names, prompts, and descriptions (ingestion points in SKILL.md and elementum-alchemy.md) to define visual elements. While no boundary markers or sanitization steps are defined, this indirect surface is inherent to the purpose of creating custom image generation instructions (capability: make_image).
  • [DATA_EXFILTRATION]: Performs an OAuth device authorization flow (neta login) to establish a session and retrieve basic account info. This represents a standard and safe practice for CLI-based identity management.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 08:25 AM