neynar

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the processing of untrusted external content from the Farcaster network.
      • Ingestion points: Untrusted content enters the agent's context through API responses in scripts/neynar.sh via the feed, search, cast, and user commands, which retrieve text from casts and user profiles.
      • Boundary markers: While the data is returned in a structured JSON format, the script does not implement specific delimiters or 'ignore' instructions to help the agent distinguish between its own logic and the retrieved social media text.
      • Capability inventory: The script exposes write capabilities including posting casts (cmd_post), reacting (cmd_like, cmd_recast), and managing follows (cmd_follow, cmd_unfollow), which could be triggered by malicious instructions embedded in read content.
      • Sanitization: The script follows best practices by using jq to build JSON payloads and encode URI components, which effectively prevents command injection at the system level, but it does not perform semantic filtering of the retrieved text content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 05:13 AM