raindrop-api
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill documentation establishes an attack surface where untrusted data from external sources can influence the agent's use of sensitive API capabilities.\n
- Ingestion points: The agent retrieves untrusted text excerpts (
text) and annotations (note) from external web pages via the highlights API endpoints described inreferences/highlights.md.\n - Boundary markers: Absent. The documentation provides no instructions or templates for delimiting untrusted highlight content to prevent it from being interpreted as commands by the agent.\n
- Capability inventory: The skill provides instructions for the agent to invite new collaborators with write access (
references/collections-sharing.md), delete highlights (references/highlights.md), and perform searches across the user's entire collection.\n - Sanitization: Absent. There is no mention of filtering, escaping, or validating the content of highlights before the agent processes it.\n- Command Execution (LOW): The documentation contains numerous
curlcommands. While these are standard API interactions and target the legitimateapi.raindrop.iodomain, they involve the execution of shell commands with the user's authorization token.
Audit Metadata