neuroskill-bci

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the npx neuroskill command to interact with a local BCI service. This includes a raw command that allows the agent to send arbitrary JSON payloads to a local server on port 8375, and an interactive command that pipes output to dot (Graphviz) to generate SVG files.\n- [EXTERNAL_DOWNLOADS]: The skill uses npx to execute the neuroskill package. By default, npx downloads the package from the npm registry if it is not already present on the local system, which introduces a runtime dependency on external code.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data. Specifically:\n
  • Ingestion points: Commands such as npx neuroskill search-labels and npx neuroskill interactive read user-created labels and annotations from a local database. These labels are provided by the user via the label command and may contain malicious instructions designed to override agent behavior.\n
  • Boundary markers: The instructions do not specify any boundary markers or delimiters to separate the data from instructions when the agent parses the output of these commands.\n
  • Capability inventory: The agent has the capability to execute shell commands (npx neuroskill), write files (> graph.svg), and send OS notifications (npx neuroskill notify).\n
  • Sanitization: There is no evidence of sanitization or validation of the label content before it is processed by the agent's logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:45 PM
Security Audit — agent-trust-hub — neuroskill-bci