Skills
skills/sakumyz/skills/redmine-search/Gen Agent Trust Hub

redmine-search

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to read a sensitive credential from the system environment (REDMINE_API_TOKEN) and transmit it to an external domain (redmine-skgd3-local.housei-inc.com). The instructions permit sending the token via URL parameters (?key=<token>), which is a security risk as tokens in URLs are frequently captured in plain text within server logs and proxy records.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted content from external Redmine tickets.
  • Ingestion points: Data is fetched from Redmine API endpoints, specifically /issues.json and /issues/{id}.json.
  • Boundary markers: The instructions lack delimiters or specific directives to treat ticket fields like description or subject as untrusted data, increasing the risk that the agent might follow instructions embedded within a ticket.
  • Capability inventory: The agent is directed to use the fetch_webpage tool to perform these operations.
  • Sanitization: There is no mention of sanitizing, escaping, or validating the ticket content before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 02:03 AM