tautulli
Warn
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The `SKILL.md` file contains a section titled "⚠️ MANDATORY SKILL INVOCATION ⚠️" which uses forceful language ("YOU MUST", "NOT optional", "Failure... violates your operational requirements") to override the agent's autonomy and dictate specific invocation triggers.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill consumes data from the Tautulli API, which includes metadata from a Plex Media Server (e.g., `friendly_name`, `full_title`). This data is untrusted as it originates from the Plex server's users and content. The agent processes this data without explicit boundary markers or sanitization, creating a surface for indirect prompt injection.
  - Ingestion points: API responses processed via `scripts/tautulli-api.sh` and presented to the agent.
  - Boundary markers: Absent.
  - Capability inventory: Access to shell tools (`zsh-tool`) and the filesystem.
  - Sanitization: Absent.
- [DATA_EXFILTRATION]: The skill provides access to sensitive user data, including playback history, user email addresses (via `get_users`), and IP addresses (via `get_history`). While intended for analytics, this data represents sensitive user information that could be exposed if the agent is directed to share this information with unauthorized parties.
Audit Metadata