redrover-manager
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (HIGH): All script files in the skill utilize
require('../../../scripts/secrets.js')to retrieve authentication credentials. Accessing sensitive files containing secrets through relative paths outside the skill directory is a high-risk practice. - Data Exposure & Exfiltration (LOW): The skill performs network requests to
connect.redroverk12.com. This domain is not included in the trusted whitelist of domains. - Indirect Prompt Injection (LOW): The skill possesses an indirect prompt injection surface as it ingests untrusted data from the Red Rover API and outputs it to the console without sanitization. 1. Ingestion points: API data processed in
scripts/get_absences.js,scripts/get_daily_summary.js, andscripts/get_weekly_summary.js. 2. Boundary markers: Absent. 3. Capability inventory: Bash and Read tools. 4. Sanitization: Absent. - Metadata Poisoning (SAFE): Automated scan alerts identifying
location.nameas a phishing URL were analyzed and determined to be false positives; the string refers to a JSON property in the API response schema rather than a functional malicious URL.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata