reddapi
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill facilitates network communication with reddapi.dev to retrieve Reddit data and send search queries. While this is the intended functionality, it involves outbound requests to a domain outside the default whitelist.
- [COMMAND_EXECUTION]: The documentation includes shell command examples using curl and python3 -c to interact with the API and parse JSON responses. These are intended as usage examples but involve direct shell interaction.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of Reddit posts and comments (User Generated Content) from reddapi.dev. This creates a surface for indirect prompt injection where malicious instructions hidden in Reddit content could influence agent behavior.
- Ingestion points: Retrieval of Reddit posts/comments via the semantic search and trends endpoints (SKILL.md).
- Boundary markers: No delimiters or protective instructions are used in the documentation examples to isolate the external content.
- Capability inventory: curl for network requests and python3 for JSON processing (SKILL.md).
- Sanitization: There is no evidence of content sanitization or validation of the retrieved Reddit data before it is processed.
Audit Metadata