skills/stuartf303/sorcha/redis/Gen Agent Trust Hub

redis

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to indirect prompt injection via documentation ingestion.
      • Ingestion points: External documentation is pulled into the agent context via mcp__context7__query-docs as described in SKILL.md.
      • Boundary markers: Absent; the skill does not define delimiters to isolate external documentation from system instructions.
      • Capability inventory: The skill grants access to Bash, Write, and Edit tools, allowing for system-level changes.
      • Sanitization: Absent; fetched content is processed without validation or filtering.
  • COMMAND_EXECUTION (LOW): The skill explicitly allows the Bash tool.
      • Evidence: Bash is listed in the allowed-tools section of the YAML frontmatter in SKILL.md. While standard for development, this capability increases the impact of potential injection attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:20 AM