spring-data-neo4j

skills-sh:giuseppe-trisciuoglio_developer-kit__spring-data-neo4j

View source

75/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

75/100

CRITICAL 1

LOW 1

Findings (2)

CRITICAL

Instruction override combined with dangerous operations NLP_OVERRIDE_DANGEROUS

prompt-injection L1

Instruction override combined with dangerous operations

Use Spring Boot property overrides for credentials

FIX

Remove language that attempts to override safety guidelines or bypass system-level controls. This pattern is a strong indicator of a jailbreak attempt.

FP?

Likely FP if the matched text is in a security research document or educational content clearly marked as an example rather than an active payload.

LOW

Unscoped Bash tool in allowed tools INDIRECT_010

command-execution L5

Detects skills that include unscoped Bash in their allowed tools list (not Bash(cmd:*) scoped)

allowed-tools: Read, Write, Edit, Bash,

FIX

Scope the Bash tool to specific commands using allowedTools patterns (e.g., Bash(git *) instead of bare Bash). Remove blanket Bash access from allowed_tools lists.

FP?

Likely FP if the Bash entry in allowed_tools is part of a constrained configuration that limits commands elsewhere (e.g., via system prompt restrictions).