reddit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches public, user-generated Reddit content (e.g., via "reddit.sh fetch" in SKILL.md and the scripts/reddit.sh enrich_posts function calling Reddit's public JSON API), ingests and analyzes those posts/comments as core workflow inputs, and uses their content to drive scoring, comment-fetching, alerts, promotions, and other follow-up actions—creating a clear avenue for indirect prompt injection from untrusted third-party content.