Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it retrieves and processes untrusted content from Reddit (posts, comments, search results) which the agent then interprets. An attacker could craft a Reddit post containing instructions to manipulate the agent's behavior.
- Ingestion points:
scripts/reddit.mjs(functionsgetPosts,searchPosts,getComments, andmodAction). - Boundary markers: None. Content is provided to the agent as raw strings or JSON without delimiters or instructions to ignore embedded commands.
- Capability inventory: The agent can post content, reply to comments, and perform moderation actions like locking threads or removing posts.
- Sanitization: No sanitization or filtering is performed on the data retrieved from the Reddit API.
- [COMMAND_EXECUTION]: The
loginfunction inscripts/reddit.mjsuseschild_process.execto automatically open the OAuth authorization URL in the user's default browser. While a standard feature for local development tools, this involves spawning a shell process with a constructed URL string.
Audit Metadata