
Security audit

Agent Prompt Builder

Security checks across malware telemetry and agentic risk

Overview

This skill is a genuine Live Neon prompt-management integration, but it persists conversation-derived observations on a remote service and can change an agent's or an organization's prompt identity through remote state changes.

Install it only if you intentionally want agents to use Live Neon as a remote, persistent prompt-identity system. Do not allow automatic observation uploads or scheduled heartbeats unless both users and admins have opted in; protect LIVE_NEON_TOKEN; do not send sensitive conversation details or private source content; and require human review before bulk approvals or group/org consensus changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The manifest markets the skill as a prompt builder, but the documented behavior extends into account creation, remote content ingestion, belief/review workflows, and identity mutation. That scope mismatch is dangerous because users or agents may invoke it under a narrow trust assumption while actually granting a remote service broad control over agent identity and prompt material.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The skill can run consensus promotion at group or organization scope, which can mutate prompts inherited by many agents at once. For a tool presented as a prompt builder, this creates disproportionate blast radius: a mistaken or manipulated invocation could alter behavior, boundaries, or voice across an entire org.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
The skill encourages agents to submit observations about their own behavior and user corrections for later conversion into beliefs and responsibilities. This creates a self-modifying feedback loop where transient interactions, prompt injection, or adversarial user steering can be laundered into persistent identity changes.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The proactive triggers instruct the agent to invoke the skill at session start, before generating content, after corrections, after significant work, and before irreversible actions. Those broad, automatic conditions can cause frequent unprompted network calls, silent data disclosure, and repeated prompt mutation without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill describes syncing external content sources and uploading observations to a remote platform, but it does not provide a strong user-facing privacy warning at the point of use. That is dangerous because users may unknowingly send internal content, user corrections, or behavioral data to a third party for analysis and prompt generation.
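The overview's conditions (no automatic uploads or heartbeats without opt-in, no sensitive conversation details or private source content in what is sent) can be enforced at the single point where the skill would POST to $LIVE_NEON_BASE/observations. The following gate is an added example written for this audit page, not code from the skill or from Live Neon. The Consent record, the trigger names, the credential and source-code patterns, and the per-item {"content": ...} shape are assumptions; the page itself shows only agent_id, a content field and an observations array.

```python
import json
import re
from dataclasses import dataclass


# Assumed opt-in record: the audit asks for both user and admin opt-in before
# observations leave the session, and a separate opt-in for scheduled heartbeats.
@dataclass(frozen=True)
class Consent:
    user_opted_in: bool = False
    admin_opted_in: bool = False
    heartbeats_allowed: bool = False


# Triggers the skill fires without a user request (names assumed; the audit lists
# session start, corrections, significant work and pre-irreversible actions).
AUTOMATIC_TRIGGERS = {"session_start", "heartbeat", "after_correction",
                      "after_significant_work", "before_irreversible_action"}

# Illustrative credential patterns; a production gate would use a maintained scanner.
SECRET_PATTERNS = (
    re.compile(r"(?i)(?:token|secret|password|passwd|api[_-]?key)\s*[=:]\s*\S+"),
    re.compile(r"\bBearer\s+[A-Za-z0-9._~+/=-]{20,}"),
    re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
)
# Crude signal that an observation carries source code rather than a behavioural note.
SOURCE_PATTERNS = (
    re.compile(r"```"),
    re.compile(r"^\s*(?:def |class |import |from \S+ import |#include |package |func )",
               re.MULTILINE),
)


def reasons_to_block(text: str) -> list[str]:
    """Return why an observation must not be uploaded; an empty list means it may go."""
    reasons = []
    if any(p.search(text) for p in SECRET_PATTERNS):
        reasons.append("contains a credential-like value")
    if any(p.search(text) for p in SOURCE_PATTERNS):
        reasons.append("contains source code")
    return reasons


def gate_upload(consent: Consent, trigger: str, agent_id: str,
                observations: list[str]) -> dict:
    """Decide whether, and with what body, to POST to $LIVE_NEON_BASE/observations."""
    def refuse(reason: str) -> dict:
        return {"send": False, "reason": reason, "body": None,
                "blocked": [{"content": o, "reasons": [reason]} for o in observations]}

    if not (consent.user_opted_in and consent.admin_opted_in):
        return refuse("user and admin opt-in required")
    if trigger in AUTOMATIC_TRIGGERS and not consent.heartbeats_allowed:
        return refuse(f"automatic trigger {trigger!r} not opted in")

    allowed, blocked = [], []
    for text in observations:
        why = reasons_to_block(text)
        if why:
            blocked.append({"content": text, "reasons": why})
        else:
            # Item shape assumed from the skill's single-observation call.
            allowed.append({"content": text})
    if not allowed:
        return {"send": False, "reason": "nothing left after filtering",
                "body": None, "blocked": blocked}
    # Top-level shape matches the skill's batch call: agent_id plus an observations array.
    return {"send": True, "reason": "ok", "blocked": blocked,
            "body": {"agent_id": agent_id, "observations": allowed}}


# Constructed sample observations for this example.
SAMPLE_OBSERVATIONS = [
    "User corrected the report date format to ISO 8601.",
    "Deploy script failed; env had LIVE_NEON_TOKEN=lnt_3f9a8c2d1e0b4a7f9c8d and was retried.",
    "Refactored loader:\n```python\ndef load(path):\n    import json\n```",
    "User prefers terse answers without preamble.",
]

if __name__ == "__main__":
    consent = Consent(user_opted_in=True, admin_opted_in=True, heartbeats_allowed=False)
    for trigger in ("manual", "heartbeat"):
        result = gate_upload(consent, trigger, "AGENT_ID", SAMPLE_OBSERVATIONS)
        print(trigger, json.dumps(result, indent=2))
```

With full consent and a manual trigger, two of the four sample observations are sent and the token-bearing and code-bearing ones are held back with a reason; with a heartbeat trigger and no heartbeat opt-in, nothing is sent at all. The gate decides on the request body before any network call is made, so it can sit in front of the skill's curl invocation without changing the remote API.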

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
Register and get your token in one call — no signup form, no email required:

```bash
curl -s -X POST https://persona.liveneon.ai/api/register \
  -H "Content-Type: application/json" \
  -d '{"org_name": "My Org"}' | jq .
```
Confidence: 88%
Finding
Unauthenticated POST to persona.liveneon.ai that registers an account and returns the bearer token used by every later call. The only input is an organization name, so an agent following the skill can create an account against the remote service without the user ever going through a signup flow.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
Optional: add email for account recovery later:
```bash
curl -s -X PATCH "$LIVE_NEON_BASE/account" \
  -H "Authorization: Bearer $LIVE_NEON_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com"}'
```
Confidence: 84%
Finding
Authenticated PATCH that attaches an email address to the account created at registration. Optional as written, but it ties the otherwise anonymous token, and everything uploaded under it, to an identifiable person.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
**API call:**
```bash
curl -s -X POST "https://persona.liveneon.ai/api/register" \
  -H "Content-Type: application/json" \
  -d '{"org_name": "My Org"}'
```
Confidence: 88%
Finding
Second occurrence of the unauthenticated registration call in the skill text, identical to the first except for the missing jq pipe. Account creation is documented in more than one place, so an agent reading any one section of the skill can trigger it.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
**API call:**
```bash
curl -s -X POST "$LIVE_NEON_BASE/pbd/process" \
  -H "Authorization: Bearer $LIVE_NEON_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"agentId": "AGENT_ID"}'
```
Confidence: 90%
Finding
Authenticated POST that starts server-side processing for the agent named in agentId. The body carries nothing but the agent ID, so the material being processed is whatever the service already holds for that agent; the page does not expand "pbd".

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
**API calls:**
```bash
# Fetch pending beliefs
curl -s "$LIVE_NEON_BASE/beliefs?agentId=$AGENT_ID&status=pending" \
  -H "Authorization: Bearer $LIVE_NEON_TOKEN"

# Fetch pending responsibilities
```
(The second command is cut off in the source after `curl -s "$LIVE_NEON_BASE/responsibilities?agentId=$`.)
Confidence: 87%
Finding
Authenticated GETs that pull pending beliefs and pending responsibilities for $AGENT_ID from the remote service. Outbound, only the token and the agent ID leave the session; the larger risk is the inbound half, since what comes back is the prompt material the agent is later asked to approve.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
**Single observation:**
```bash
curl -s -X POST "$LIVE_NEON_BASE/observations" \
  -H "Authorization: Bearer $LIVE_NEON_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
```
(The body is cut off in the source after `"agent_id": "'$AGENT_ID'", "content": "User cor`.)
Confidence: 94%
Finding
Authenticated POST of one observation whose body carries the agent ID and a free-text content field. The skill's own example content starts with text about the user, so conversation-derived wording is sent verbatim to the remote service.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
```bash
# 1. Report observations accumulated since last heartbeat
curl -s -X POST "$LIVE_NEON_BASE/observations" \
  -H "Authorization: Bearer $LIVE_NEON_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
```
(The body is cut off in the source after `"agent_id": "'$AGENT_ID'", "observations": [`.)
Confidence: 95%
Finding
Batch POST of every observation accumulated since the last heartbeat, listed as step 1 of the heartbeat routine, so this upload runs on a schedule rather than on a user request. The body carries the agent ID and an observations array.

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content:
| Argument | Required | Description |
|---|---|---|
| `agentId` | yes | Agent UUID/slug |
| `--approve-all` | no | Auto-approve all pending items |
| `--bulk` | no | Use bulk API for batch operations |

**API calls:**
(The API calls that follow are cut off in the source.)
Confidence: 91%
Finding
`--approve-all` approves every pending belief and responsibility for the agent without a person looking at any of them, and `--bulk` pushes that through the batch API in one call. Combined with group- or org-scope consensus promotion, a single invocation can rewrite prompt material inherited by every agent in the organization.
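The recommendation of human review before bulk approvals or group/org consensus changes can be turned into a planning step that runs before any approve call is issued. The gate below is an added example written for this audit page, not code from the skill or from Live Neon: `--approve-all` is honoured only for agent-scope items, and anything at group or org scope is held until a person has reviewed that specific item. The Pending record, the affected_agents count and the reviewed-ID ledger are assumptions; the page gives only the item kinds (beliefs, responsibilities), the scopes (agent, group, org) and the two flags.

```python
from dataclasses import dataclass, field

# Assumed representation of one pending item from the beliefs/responsibilities
# endpoints; affected_agents is how many agents inherit a change at this scope.
@dataclass(frozen=True)
class Pending:
    item_id: str
    kind: str             # "belief" or "responsibility"
    scope: str            # "agent", "group" or "org"
    affected_agents: int


@dataclass
class Plan:
    approve: list = field(default_factory=list)   # item IDs safe to send to the approve/bulk API
    hold: list = field(default_factory=list)      # (item ID, reason) pairs that need a human
    affected_agents: int = 0                      # blast radius of everything in approve


SHARED_SCOPES = {"group", "org"}


def plan_approvals(pending, approve_all: bool, reviewed_ids: set) -> Plan:
    """Apply the audit's rule: no shared-scope or bulk approval without human review."""
    plan = Plan()
    for item in pending:
        reviewed = item.item_id in reviewed_ids
        if item.scope in SHARED_SCOPES and not reviewed:
            # --approve-all never reaches group/org scope; a person must sign off per item.
            plan.hold.append((item.item_id,
                              f"{item.scope}-scope {item.kind} would change "
                              f"{item.affected_agents} agents; needs human review"))
        elif reviewed or approve_all:
            plan.approve.append(item.item_id)
            plan.affected_agents += item.affected_agents
        else:
            plan.hold.append((item.item_id, "not reviewed and --approve-all not given"))
    return plan


# Constructed sample of pending items for this example.
SAMPLE_PENDING = [
    Pending("b-101", "belief", "agent", 1),
    Pending("b-102", "belief", "group", 12),
    Pending("r-201", "responsibility", "org", 340),
    Pending("b-103", "belief", "agent", 1),
]

if __name__ == "__main__":
    plan = plan_approvals(SAMPLE_PENDING, approve_all=True, reviewed_ids=set())
    print("approve:", plan.approve, "affected agents:", plan.affected_agents)
    for item_id, reason in plan.hold:
        print("hold:", item_id, "-", reason)
```

Run with `--approve-all` semantics and an empty review ledger, the plan approves only the two agent-scope beliefs (blast radius 2) and holds the group belief and the org responsibility with the number of agents each would touch; recording a reviewer's sign-off for the group item moves it into the approve list while the org item stays held. The point is that the flag's meaning is narrowed before the bulk API is ever called, rather than trusting the agent to decline to use it.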

VirusTotal

63/63 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.