redis-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [Privilege Escalation] (HIGH): The installation instructions provide commands for `apt install` and `systemctl enable`, which perform system-wide package installation and service configuration requiring root or sudo permissions.
- [Persistence Mechanisms] (HIGH): The command `systemctl enable redis-server` is used to ensure the Redis service persists across system reboots by creating symlinks in systemd directories.
- [Indirect Prompt Injection] (MEDIUM): The skill provides code snippets susceptible to injection vulnerabilities.
  - Ingestion points: `id` variable in `getUser` and `ip` variable in `rateLimit` functions in `SKILL.md`.
  - Boundary markers: None present.
  - Capability inventory: The skill contains no active script files or executable logic.
  - Sanitization: Absent; the code uses direct template literal interpolation (e.g., `user:${id}`) which could allow key injection if inputs are not validated.
- [Credentials Unsafe] (LOW): The session storage example includes a hardcoded placeholder string `'secret'` for the session secret, which could lead to insecure production deployments if developers do not replace it with an environment variable.
Recommendations
- AI detected serious security threats
Audit Metadata