Trust Assessment
using-neon received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 2 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Potential Command Injection via `curl` examples leading to SSRF.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| MEDIUM | Potential Command Injection via `curl` examples leading to SSRF: The skill provides `curl` command examples within a code block, specifically `curl -H "Accept: text/markdown" https://neon.tech/docs/<path>`. If the AI agent is capable of executing shell commands and substitutes untrusted user input into the `<path>` placeholder, this could lead to Server-Side Request Forgery (SSRF). An attacker could craft malicious input for `<path>` to cause the agent to make arbitrary requests to internal network resources or other external services, potentially exfiltrating data, probing infrastructure, or interacting with unintended endpoints. If the AI agent is intended to execute these commands, implement strict input validation and sanitization for the `<path>` parameter to ensure it only accesses allowed Neon documentation paths and prevents arbitrary URL access or SSRF. Consider using a dedicated tool with strict URL validation instead of raw shell execution. Alternatively, if these commands are solely for user reference, explicitly state that they are examples for the user to execute and not for the AI agent. | LLM | SKILL.md:20 |
| LOW | Covert behavior / concealment directives: Multiple zero-width characters (stealth text). Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |
Powered by SkillShield