agent-reach

Fail

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess module to execute external command-line utilities. This includes running yt-dlp for media extraction, gh for GitHub interactions, and mcporter for MCP server communication. In cli.py, it specifically uses shell=True to run installation commands for system packages.
  • [EXTERNAL_DOWNLOADS]: The installation and setup routines download and execute scripts from external sources. It fetches Node.js installation scripts from NodeSource and the fnm installer from Vercel's domain. It also uses package managers like npm and pip to install various dependencies from public registries.
  • [DATA_EXFILTRATION]: The skill includes functionality in cookie_extract.py to search for and extract session cookies (such as auth_token and ct0 for Twitter/X) from local browser databases (Chrome, Firefox, Edge, etc.) using the browser-cookie3 library. While this is a documented feature for providing the agent with browser-level access, it involves handling highly sensitive personal data.
  • [PROMPT_INJECTION]: The skill functions as an aggregator of untrusted data from the internet (web pages, RSS feeds, social media posts, and video transcripts).
  • Ingestion points: Content is fetched in agent_reach/channels/web.py, reddit.py, twitter.py, and youtube.py.
  • Boundary markers: The skill does not implement delimiters or 'ignore' instructions when returning internet content to the agent.
  • Capability inventory: The skill has access to significant system capabilities via subprocess.run across multiple platform channels.
  • Sanitization: There is no evidence of content sanitization or filtering before the data is processed by the AI, presenting a surface for indirect prompt injection.
Recommendations
  • HIGH: Downloads and executes remote code from: https://fnm.vercel.app/install, https://deb.nodesource.com/setup_22.x, http://localhost:18060/ - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — agent-reach