neta-elementum

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to execute the @talesofai/neta-skills package. This is an official resource from the vendor used to interact with the Neta platform.
  • [COMMAND_EXECUTION]: The instructions guide the agent to perform various shell-based operations like create_elementum and update_elementum using the vendor's CLI tool.
  • [PROMPT_INJECTION]: The skill processes user-supplied text for element configuration, creating an attack surface for indirect prompt injection.
  • Ingestion points: Ingestion occurs via the --name, --prompt, and --description parameters during the Alchemy creation and update stages.
  • Boundary markers: The instructions explicitly require the agent to present the final configuration for user confirmation before executing the forging process.
  • Capability inventory: The skill has access to shell execution via npx across its workflow files.
  • Sanitization: The skill relies on human-in-the-loop validation during the confirmation stage rather than automated sanitization of user input.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 08:28 AM
Security Audit — agent-trust-hub — neta-elementum