neuroskill-bci
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
npx neuroskillcommand to interact with a local BCI service. This includes arawcommand that allows the agent to send arbitrary JSON payloads to a local server on port 8375, and aninteractivecommand that pipes output todot(Graphviz) to generate SVG files.\n- [EXTERNAL_DOWNLOADS]: The skill usesnpxto execute theneuroskillpackage. By default,npxdownloads the package from the npm registry if it is not already present on the local system, which introduces a runtime dependency on external code.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data. Specifically:\n - Ingestion points: Commands such as
npx neuroskill search-labelsandnpx neuroskill interactiveread user-created labels and annotations from a local database. These labels are provided by the user via thelabelcommand and may contain malicious instructions designed to override agent behavior.\n - Boundary markers: The instructions do not specify any boundary markers or delimiters to separate the data from instructions when the agent parses the output of these commands.\n
- Capability inventory: The agent has the capability to execute shell commands (
npx neuroskill), write files (> graph.svg), and send OS notifications (npx neuroskill notify).\n - Sanitization: There is no evidence of sanitization or validation of the label content before it is processed by the agent's logic.
Audit Metadata