reddit-search
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts exclusively with public Reddit JSON API endpoints through read-only HTTP GET requests. No state-changing operations or authenticated requests are performed.\n- [SAFE]: No sensitive data access, credential exposure, or exfiltration patterns were detected. The script uses a standard browser User-Agent for its network requests.\n- [SAFE]: All input parameters, such as search queries, are properly sanitized using URL encoding before being included in network requests.\n- [SAFE]: The skill processes untrusted data from Reddit (e.g., subreddit descriptions and post titles). While this presents a surface for indirect prompt injection, the skill possesses no dangerous capabilities—such as file writing, shell execution, or outbound network posts—that could be exploited via this vector.\n
- Ingestion points: Subreddit metadata and post content retrieved via the axios client in scripts/reddit-search.ts.\n
- Boundary markers: Absent (content is printed directly to the console).\n
- Capability inventory: Limited to HTTP GET requests using the axios library.\n
- Sanitization: Input search terms are processed using encodeURIComponent.
Audit Metadata