neon-postgres

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow fetches and ingests Neon documentation pages as Markdown (e.g., via the docs index/URLs like https://neon.com/docs/llms.txt and .../branching.md), which is outsider-authored free text from a public website into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to fetch Neon documentation at runtime (e.g. https://neon.com/docs/llms.txt and pages like https://neon.com/docs/introduction/branching.md or via curl for markdown) and to use that fetched markdown as the "source of truth" to control responses, so remote content directly influences agent prompts/instructions.