neodb
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a documentation-only resource and does not include any bundled scripts or executable code. It provides instructions and implementation patterns for developers to manually integrate NeoDB functionality.
- [DATA_EXFILTRATION]: Network operations are restricted to the official NeoDB domain (neodb.social) for searching and retrieving media metadata. The skill does not perform any operations involving sensitive local file access or unauthorized data transmission.
- [CREDENTIALS_UNSAFE]: Documentation regarding authenticated endpoints uses standard placeholders like for bearer tokens. There are no hardcoded API keys, secrets, or credentials within the files.
- [PROMPT_INJECTION]: The skill processes untrusted data from an external media catalog, which represents an indirect prompt injection surface. This is evaluated as safe based on the following: (1) Ingestion points: Metadata returned from NeoDB API endpoints; (2) Boundary markers: Suggested use of jq field projection to isolate specific data; (3) Capability inventory: Restricted to curl, fetch, and jq; (4) Sanitization: Implementation examples demonstrate input trimming, length capping, and URI encoding.
Audit Metadata