Back to skill

Security audit

Neon Postgres

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Neon Postgres skill that points agents to official Neon docs and related tools, with no hidden code or automatic actions.

Safe to install as a Neon documentation aid. Before following suggested CLI, MCP, SDK, Admin API, or auth workflows, confirm actions against official Neon docs, use least-privilege credentials, and manually review any command that creates, modifies, or deletes database resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description is broad enough to activate on nearly any Neon-related discussion, not just narrowly scoped operational tasks. That can cause unnecessary or premature skill invocation, increasing the chance the agent follows this skill's guidance in contexts where it is incomplete, stale, or less appropriate than other sources.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.