raindrop-setup
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs package installation and project build/type checks using standard tools like npm, yarn, and pip to ensure integration works correctly.
- [EXTERNAL_DOWNLOADS]: The skill installs legitimate observability SDKs from official package registries. These packages (raindrop-ai, @raindrop-ai/browser-sdk, @raindrop-ai/claude-agent-sdk, and @raindrop-ai/ai-sdk) are maintained by the skill author.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its analysis of user codebase files. 1. Ingestion points: Dependency manifests and source code files (Python, TypeScript, JavaScript) are read during the initial exploration phase. 2. Boundary markers: The instructions advise the agent to avoid reading full env files and API keys, but do not specify technical delimiters for code processing. 3. Capability inventory: The skill can install third-party packages and modify application source code. 4. Sanitization: There is no explicit process for sanitizing instructions potentially hidden in the ingested source code.
Audit Metadata