redis-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest data from external Redis instances. This creates an indirect prompt injection surface where instructions stored in the database could influence agent behavior.
  1. Ingestion points: Data enters via redis.get, redis.smembers, and redis.send('SCAN', ...).
  2. Boundary markers: No delimiters or ignore-instructions warnings are present in the provided patterns.
  3. Capability inventory: The skill has access to Bash, Read, and Write tools.
  4. Sanitization: Examples like the cache-aside pattern do not demonstrate input validation or sanitization of database values before processing.
- [Dynamic Execution] (LOW): The skill demonstrates the use of EVAL for running Lua scripts. This is standard Redis functionality but involves dynamic code execution which should be monitored for injection into the script string.
- [Command Execution] (LOW): The skill metadata enables the Bash tool, which is a powerful capability that provides a broad attack surface if the agent is manipulated via indirect injection.