redis
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill implements patterns that read data from Redis and parse it (e.g., using
json.loadsinscripts/redis-python.pyandreferences/patterns.md). If the Redis instance is populated by external or untrusted applications, an attacker could embed malicious instructions in Redis keys that the agent might later interpret. - Ingestion points:
redis.get(),r.get(), andpubsub.listen()inscripts/redis-python.pyandreferences/patterns.md. - Boundary markers: Absent. No instructions are provided to the agent to distinguish between cached data and system instructions.
- Capability inventory:
redis-cliexecution viascripts/redis-cli-helper.sh, Lua script execution viaredis.evalinreferences/patterns.md, and full key management (DEL, FLUSHALL). - Sanitization: Absent. Content is parsed but not sanitized for downstream prompt use.
- [COMMAND_EXECUTION] (MEDIUM): The skill provides scripts (
scripts/redis-cli-helper.sh) and instructions that allow the agent to execute arbitrary commands on a Redis server, including configuration changes (CONFIG SET) and data destruction (FLUSHALL). - [EXTERNAL_DOWNLOADS] (LOW):
references/redis-guide.mdcontains instructions to download and install Redis usingbrew,apt, anddocker. Per [TRUST-SCOPE-RULE], these are downgraded to LOW/INFO as they reference standard system package managers and official repositories.
Audit Metadata