Skills
skills/aiskillstore/marketplace/neovim-debugging/Gen Agent Trust Hub

neovim-debugging

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill-report.json file contains a self-referential security audit that claims the skill is safe and pre-emptively dismisses potential findings. This is a form of metadata poisoning (Category 7) and self-referential prompt injection (Category 8e) designed to bias automated security evaluations.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing untrusted data.\n
  • Ingestion points: User-provided error messages (via AskUserQuestion tool) and local Neovim configuration files such as lazyvim.json and lazy-lock.json (via Read and Bash tools).\n
  • Boundary markers: Absent; there are no instructions to use delimiters or 'ignore embedded instructions' warnings when processing this data.\n
  • Capability inventory: The skill utilizes the Bash tool to execute nvim --headless, cat, grep, and jq, and the Read and Glob tools for file access.\n
  • Sanitization: Absent; no validation or escaping of external content is performed before interpolation into the agent's reasoning context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 07:25 AM
Security Audit — agent-trust-hub — neovim-debugging