neta-elementum
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes
npxto execute the@talesofai/neta-skillspackage. This is an official resource from the vendor used to interact with the Neta platform. - [COMMAND_EXECUTION]: The instructions guide the agent to perform various shell-based operations like
create_elementumandupdate_elementumusing the vendor's CLI tool. - [PROMPT_INJECTION]: The skill processes user-supplied text for element configuration, creating an attack surface for indirect prompt injection.
- Ingestion points: Ingestion occurs via the
--name,--prompt, and--descriptionparameters during the Alchemy creation and update stages. - Boundary markers: The instructions explicitly require the agent to present the final configuration for user confirmation before executing the forging process.
- Capability inventory: The skill has access to shell execution via
npxacross its workflow files. - Sanitization: The skill relies on human-in-the-loop validation during the confirmation stage rather than automated sanitization of user input.
Audit Metadata