radicale
Fail
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The script scripts/radicale-api.py accesses the sensitive file path ~/.claude/.env. This directory is associated with the internal state and configuration of the AI agent rather than the application-specific path (~/.homelab-skills/.env) described in the skill's setup instructions. Accessing this file creates a risk of exposing the agent's own credentials or environment variables.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from an external server without adequate safeguards.
  - Ingestion points: The script scripts/radicale-api.py retrieves calendar event summaries, descriptions, and contact names from a remote Radicale server and passes them to the agent.
  - Boundary markers: There are no delimiters or markers used to help the agent distinguish between data and potential instructions embedded within that data.
  - Capability inventory: The skill allows the agent to create, list, and delete calendar events and contacts.
  - Sanitization: No sanitization or escaping is performed on the strings retrieved from the server before they are provided to the agent.
Recommendations
- AI detected serious security threats