neon-postgres-branches

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute official vendor-provided commands using neonctl for core database operations, including project listing, project context configuration, and branch management.
  • [EXTERNAL_DOWNLOADS]: The skill directs users to fetch and use the Neon CLI and MCP server from trusted vendor documentation sites (neon.com and console.neon.tech). These references are documented neutrally as they originate from the official service provider.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8). 1. Ingestion points: The agent is instructed to take user-supplied branch names, parent IDs, and project IDs and interpolate them into shell commands. 2. Boundary markers: There are no explicit delimiters or markers defined to isolate user-provided strings within the command templates. 3. Capability inventory: The skill utilizes shell execution via the CLI tool and includes instructions for reading from and writing to local .env files. 4. Sanitization: No specific instructions are provided for input validation, escaping, or filtering of the user-provided parameters before they are passed to the shell environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 09:29 AM
Security Audit — agent-trust-hub — neon-postgres-branches